[SECURITY] Fedora 16 Update: asterisk-1.8.7.1-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 10 17:47:36 UTC 2011


---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-14480
2011-10-18 07:13:58
---------------------------------------------------------------------------=
-----

Name        : asterisk
Product     : Fedora 16
Version     : 1.8.7.1
Release     : 1.fc16
URL         : http://www.asterisk.org/
Summary     : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.

---------------------------------------------------------------------------=
-----
Update Information:

The Asterisk Development Team has announced a security release for Asterisk=
 1.8.
The available security release is released as version 1.8.7.1.

This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic=
h can
lead to a remotely exploitable crash:

   Remote Crash Vulnerability in SIP channel driver (AST-2011-012)

The issue and resolution is described in the AST-2011-012 security
advisory.

For more information about the details of this vulnerability, please read t=
he
security advisory AST-2011-012, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8=
.7.1

Security advisory AST-2011-012 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

---------------------------------------------------------------------------=
-----
ChangeLog:

* Mon Oct 17 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asteri=
sk 1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh=
ich can
- lead to a remotely exploitable crash:
-
-    Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read=
 the
- security advisory AST-2011-012, which was released at the same time as th=
is
- announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.7.1
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d=
river (AST-2011-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=3D746817
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----


More information about the package-announce mailing list