Fedora 11: asterisk Security Update

    Date24 Nov 2009
    CategoryFedora
    32
    Posted ByLinuxSecurity Advisories
    * Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.1.9-1 - Update to 1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008 - Fix obsoletes for firmware subpackage
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-11070
    2009-11-06 23:58:11
    --------------------------------------------------------------------------------
    
    Name        : asterisk
    Product     : Fedora 11
    Version     : 1.6.1.9
    Release     : 1.fc11
    URL         : http://www.asterisk.org/
    Summary     : The Open Source PBX
    Description :
    Asterisk is a complete PBX in software. It runs on Linux and provides
    all of the features you would expect from a PBX and more. Asterisk
    does voice over IP in three protocols, and can interoperate with
    almost all standards-based telephony equipment using relatively
    inexpensive hardware.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    * Wed Nov  4 2009 Jeffrey C. Ollie  - 1.6.1.9-1 - Update to
    1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008 - Fix obsoletes for
    firmware subpackage
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Wed Nov  4 2009 Jeffrey C. Ollie  - 1.6.1.9-1
    - Update to 1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008
    - Fix obsoletes for firmware subpackage
    * Tue Oct 27 2009 Jeffrey C. Ollie  - 1.6.1.8-1
    - Update to 1.6.1.8 to fix bug 531199:
    -
    - http://downloads.asterisk.org/pub/security/AST-2009-007.html
    -
    - A missing ACL check for handling SIP INVITEs allows a device to make
    - calls on networks intended to be prohibited as defined by the "deny"
    - and "permit" lines in sip.conf. The ACL check for handling SIP
    - registrations was not affected.
    * Sat Oct 24 2009 Jeffrey C. Ollie  - 1.6.1.7-0.4.rc2
    - Add an AST_EXTRA_ARGS option to the init script
    - have the init script to cd to /var/spool/asterisk to prevent annoying message
    * Sat Oct 24 2009 Jeffrey C. Ollie  - 1.6.1.7-0.3.rc2
    - Compile against gmime 2.2 instead of gmime 2.4 because the patch to convert the API calls from 2.2 to 2.4 caused crashes.
    * Fri Oct  9 2009 Jeffrey C. Ollie  - 1.6.1.7-0.2.rc2
    - Require latex2html used in static-http documents
    * Thu Oct  8 2009 Jeffrey C. Ollie  - 1.6.1.7-0.1.rc2
    - Update to 1.6.1.7-rc2
    - Merge firmware subpackage back into main package
    - No longer need to strip tarball since it no longer contains any non-free items
    - Tighten up permissions/ownership of config files.
    - Fix up some more paths
    - Drop unneeded patch
    * Wed Sep  9 2009 Jeffrey C. Ollie  - 1.6.1.6-2
    - Enable building of API docs.
    - Depend on version 1.2 or newer of speex
    * Sun Sep  6 2009 Jeffrey C. Ollie  - 1.6.1.6-1
    - Update to 1.6.1.6
    - Drop patches that are too troublesome to maintain anymore or have been integrated upstream.
    * Tue Sep  1 2009 Jeffrey C. Ollie  - 1.6.1-0.26.rc1
    - Add a patch from Quentin Armitage and rebuld.
    * Fri Aug 21 2009 Tomas Mraz  - 1.6.1-0.25.rc1
    - rebuilt with new openssl
    * Fri Jul 24 2009 Fedora Release Engineering  - 1.6.1-0.24.rc1
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #523277 - CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009)
            https://bugzilla.redhat.com/show_bug.cgi?id=523277
      [ 2 ] Bug #533137 - Asterisk: SIP responses expose valid usernames (AST-2009-008)
            https://bugzilla.redhat.com/show_bug.cgi?id=533137
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update asterisk' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.