-- Denis Galvão AsteriskBrasil.org Ajude a comunidade AsteriskBrasil.org, compre uma camiseta! http://www.voipmania.com.br
Begin forwarded message: > From: Asterisk Security Team <[EMAIL PROTECTED]> > Date: 29 de novembro de 2007 20h10min53s GMT-02:00 > To: undisclosed-recipients:; > Subject: [asterisk-dev] Asterisk 1.4.15 and 1.2.25 Released > Reply-To: Asterisk Developers Mailing List <asterisk- > [EMAIL PROTECTED]> > > The Asterisk.org development team has released Asterisk versions > 1.4.15 and > 1.2.25. These releases contain two fixes for security issues. > > http://downloads.digium.com/pub/asa/AST-2007-025.pdf > * This is a SQL injection vulnerability in the res_config_pgsql > module. > Default installations of Asterisk are not affected. However, any > system using > the Postgres Realtime Engine may be remotely exploitable. This > issue only > affects Asterisk 1.4, as this module was not in Asterisk 1.2. > > http://downloads.digium.com/pub/asa/AST-2007-026.pdf > * This is another SQL injection vulnerability. The input for the > ANI and DNIS > fields were not properly escaped. Default installations of > Asterisk are not > vulnerable. However, systems that use the Postgres CDR logging > module may be > remotely exploitable. This issue affects both Asterisk 1.2 and 1.4. > > Both releases are available on http://downloads.digium.com. > > Thank you very much for your support! > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-dev mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev _______________________________________________ Compre uma camiseta da AsteriskBrasil.org! http://www.voipmania.com.br == VoIPMania.com.br == _______________________________________________ LIsta de discussões AsteriskBrasil.org AsteriskBrasil@listas.asteriskbrasil.org http://listas.asteriskbrasil.org/mailman/listinfo/asteriskbrasil