Fedora: 2022-0154 Important: Apache HTTP Server Security Update

Asterisk is a complete PBX in software. It runs on Linux and provides

all of the features you would expect from a PBX and more. Asterisk

does voice over IP in three protocols, and can interoperate with

almost all standards-based telephony equipment using relatively

inexpensive hardware.

Add a patch to fix a problem with the manager interface. Update to 1.6.0.5 to

fix AST-2009-001 / CVE-2009-0041:

http://downloads.asterisk.org/pub/security/ (Original patch in

1.6.0.3 introduced a regression.)

* Fri Jan 23 2009 Jeffrey C. Ollie - 1.6.0.5-2

- Add a patch to fix a problem with the manager interface.

* Fri Jan 23 2009 Jeffrey C. Ollie - 1.6.0.5-1

- Update to 1.6.0.5 to fix regressions caused by fixes for

AST-2009-001/CVE-2009-0041 (Asterisk 1.6.0.4 was never released).

* Thu Jan 8 2009 Jeffrey C. Ollie - 1.6.0.3-1

- Update to 1.6.0.3 to fix AST-2009-001/CVE-2009-0041

- http://downloads.asterisk.org/pub/security/

* Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-4

- Fedora Directory Server compatibility patch/subpackage. BZ#452176

* Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-3

- Don't package func_curl in the main package. BZ#475910

- Fix up paths. BZ#477238

* Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-2

- Add patch to fix compilation on PPC

* Sun Jan 4 2009 Jeffrey C. Ollie - 1.6.0.2-1

- Update to 1.6.0.2

* Wed Nov 5 2008 Jeffrey C. Ollie - 1.6.0.1-3

- Fix issue with init script giving wrong path to config file.

* Thu Oct 16 2008 Jeffrey C. Ollie - 1.6.0.1-2

- Explicitly require dahdi-tools-libs to see if we can get this to build.

* Fri Oct 10 2008 Jeffrey C. Ollie - 1.6.0-1

- Update to final release.

* Thu Sep 11 2008 - Bastien Nocera - 1.6.0-0.22.beta9

- Rebuild

* Wed Jul 30 2008 Jeffrey C. Ollie - 1.6.0-0.21.beta9

- Replace app_rxfax/app_txfax with app_fax taken from upstream SVN.

* Tue Jul 29 2008 Jeffrey C. Ollie - 1.6.0-0.20.beta9

- Bump release and rebuild with new libpri and zaptel.

* Fri Jul 25 2008 Jeffrey C. Ollie - 1.6.0-0.19.beta9

- Add patch pulled from upstream SVN that fixes AST-2008-010 and AST-2008-011.

* Fri Jul 25 2008 Jeffrey C. Ollie - 1.6.0-0.18.beta9

- Add patch for LDAP extracted from upstream SVN (#442011)

* Wed Jul 2 2008 Jeffrey C. Ollie - 1.6.0-0.17.beta9

- Add patch that unbreaks cdr_tds with FreeTDS 0.82.

- Properly obsolete conference subpackage.

* Thu Jun 12 2008 Jeffrey C. Ollie - 1.6.0-0.16.beta9

- Disable building cdr_tds since new FreeTDS in rawhide no longer provides needed library.

* Wed Jun 11 2008 Jeffrey C. Ollie - 1.6.0-0.15.beta9

- Bump release and rebuild to fix libtds breakage.

* Mon May 19 2008 Jeffrey C. Ollie - 1.6.0-0.14.beta9

- Update to 1.6.0-beta9.

- Update patches so that they apply cleanly.

- Temporarily disable app_conference patch as it doesn't compile

- config/scripts/postgres_cdr.sql has been merged into realtime_pgsql.sql

- Re-add the asterisk-strip.sh script as a source file.

[ 1 ] Bug #480132 - CVE-2009-0041 asterisk: Replies to failed login attempts differently based on whether the user account exists (information disclosure)

https://bugzilla.redhat.com/show_bug.cgi?id=480132

su -c 'yum update asterisk' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/