Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 10 Asterisk 1.6.0.17-2 Critical XSS Security Flaw

fedora
Calendar Grey November 24, 2009
Dist Fedora Esm H88
Fedora 10 enhancements for Asterisk address firmware directory problems and patch a significant XSS exploit, bolstering system security.
* Thu Nov 5 2009 Jeffrey C

Summary

Asterisk is a complete PBX in software. It runs on Linux and provides

all of the features you would expect from a PBX and more. Asterisk

does voice over IP in three protocols, and can interoperate with

almost all standards-based telephony equipment using relatively

inexpensive hardware.

Update Information:

* Thu Nov 5 2009 Jeffrey C. Ollie - 1.6.0.17-2 - Fix firmware path * Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.0.17-1 - Update to 1.6.0.17 to fix AST-2009-009/CVE-2008-7220 - Merge the firmware subpackage back into the main package. - Don't package the iaxy firmware anymore.

Topics%20covered

Topics Covered

security advisory Fedora XSS Asterisk secure coding

Change Log

* Thu Nov 5 2009 Jeffrey C. Ollie - 1.6.0.17-2 - Fix firmware path * Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.0.17-1 - Update to 1.6.0.17 to fix AST-2009-009/CVE-2008-7220 - Merge the firmware subpackage back into the main package. - Don't package the iaxy firmware anymore. * Thu Sep 3 2009 Jeffrey C. Ollie - 1.6.0.15-2 - Create /var/lib/asterisk/keys * Thu Sep 3 2009 Jeffrey C. Ollie - 1.6.0.15-1 - Drop chan_mobile, too difficult to maintain as a patch - Update to 1.6.0.15 and drop unneeded patches * Fri Jan 23 2009 Jeffrey C. Ollie - 1.6.0.5-2 - Add a patch to fix a problem with the manager interface. * Fri Jan 23 2009 Jeffrey C. Ollie - 1.6.0.5-1 - Update to 1.6.0.5 to fix regressions caused by fixes for AST-2009-001/CVE-2009-0041 (Asterisk 1.6.0.4 was never released). * Thu Jan 8 2009 Jeffrey C. Ollie - 1.6.0.3-1 - Update to 1.6.0.3 to fix AST-2009-001/CVE-2009-0041 - http://downloads.asterisk.org/pub/security/ * Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-4 - Fedora Directory Server compatibility patch/subpackage. BZ#452176 * Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-3 - Don't package func_curl in the main package. BZ#475910 - Fix up paths. BZ#477238 * Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-2 - Add patch to fix compilation on PPC * Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-1 - Update to 1.6.0.2 * Wed Nov 5 2008 Jeffrey C. Ollie - 1.6.0.1-3 - Fix issue with init script giving wrong path to config file.

References


[ 1 ] Bug #533137 - Asterisk: SIP responses expose valid usernames (AST-2009-008) https://bugzilla.redhat.com/show_bug.cgi?id=533137 [ 2 ] Bug #523277 - CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009) https://bugzilla.redhat.com/show_bug.cgi?id=523277

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: asterisk
Product: Fedora 10
Version: 1.6.0.17
Release: 2.fc10
URL: https://www.asterisk.org/
Summary: The Open Source PBX

Topics%20covered

Topics Covered

security advisory Fedora XSS Asterisk secure coding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here