Posts Tagged chan_ooh323
Asterisk Security Advisory – AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories, t.38 on February 22, 2011
| Product | Asterisk |
| Summary | Multiple array overflow and crash vulnerabilities in UDPTL code |
| Nature of Advisory | Exploitable Stack and Heap Array Overflows |
| Susceptibility | Remote Unauthenticated Sessions |
| Severity | Critical |
| Exploits Known | No |
| Reported On | January 27, 2011 |
| Reported By | Matthew Nicholson |
| Posted On | February 21, 2011 |
| Last Updated On | February 22, 2011 |
| Advisory Contact | Matthew Nicholson <mnicholson@digium.com> |
| CVE Name |
| Description | When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems configured for T.38 pass through or termination are vulnerable. |
Asterisk-Addons 1.6.0.6 and Asterisk-Addons 1.6.1.4 Now Available
Posted by admin in asterisk addons, H.323 on June 8, 2010
The Asterisk Development Team has announced the release of versions 1.6.0.6 and 1.6.1.4 of asterisk-addons. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk
The Asterisk-Addons releases for 1.6.0.6 and 1.6.1.4 are the last maintenance releases for Asterisk-Addons branches 1.6.0 and 1.6.1 and have now moved to security maintenance only.
The releases of Asterisk-Addons 1.6.0.6 and 1.6.1.4 resolves issues reported by the community, and would have not been possible without your participation.
Thank you!
- chan_ooh323.c: Don’t read rtp data from channel without private structure.
(Closes issue #17227. Reported, tested by jin. Patched by may213) - chan_ooh323.c: Don’t pass zero length callerid to ooh323 stack.
(Closes issue #17186. Reported vmikhelson. Patched by may213)
More information about the changes to maintenance support can be found at:
http://www.asterisk.org/node/49924
Information about the Asterisk maintenance schedule is available at: http://www.asterisk.org/asterisk-versions
For a full list of changes in the current release, please see the ChangeLog:
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-addons-1.6.0.6
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-addons-1.6.1.4
Thank you for your continued support of Asterisk!
