stable

asterisk-1.8.12.2-1.el6

FEDORA-EPEL-2012-6012 created by jcollie 13 years ago for Fedora EPEL 6

The Asterisk Development Team has announced the release of Asterisk 1.8.12.2. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.12.2 resolves an issue reported by the community and would have not been possible without your participation. Thank you!

The following is the issue resolved in this release:

  • --- Resolve crash in subscribing for MWI notifications (Closes issue ASTERISK-19827. Reported by B. R)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following two issues:

  • A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class. Asterisk will attempt to use an invalid pointer to the music on hold class name, potentially causing a crash.

  • A remotely exploitable crash vulnerability was found in the Skinny (SCCP) Channel driver. When an SCCP client closes its connection to the server, a pointer in a structure is set to NULL. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. This allows remote authenticated connections the ability to cause a crash in the server, denying services to legitimate users.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2012-007 and AST-2012-008, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1

The security advisories are available at:

This update has been submitted for testing by jcollie.

13 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

13 years ago

This update has been pushed to testing

13 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

13 years ago

This update has been submitted for stable by jcollie.

13 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

13 years ago

This update has been pushed to stable

13 years ago

Please log in to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
13 years ago
in testing
13 years ago
in stable
13 years ago
Builds
1
asterisk-1.8.12.2-1.el6
BZ#826474 CVE-2012-2947 asterisk: Remote crash in IAX2 channel driver (AST-2012-007)
0
0
asterisk-1.8.12.2-1.el6

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-181-hd828.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy