Asterisk Project Security Advisory – AST-2016-001 ProductAsterisk SummaryBEAST vulnerability in HTTP serverNature of AdvisoryUnauthorized data disclosure due to man-in-the-middle attackSusceptibilityRemote unauthenticated sessions Severity Minor Explo..
The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.These releases are availa..
Asterisk Project Security Advisory – AST-2014-011 ProductAsterisk SummaryAsterisk Susceptibility to POODLE Vulnerability Nature of AdvisoryUnauthorized Data DisclosureSusceptibilityRemote Unauthenticated Sessions Severity MediumExploits KnownNo Repor..
The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 18.104.22.168, 10.12.2, 10.12.2-digiumphones, and 11.2.2.Th..
The Asterisk Development Team has announced a security release for Asterisk 11, Asterisk 11.1.2. This release addresses the security vulnerabilities reported in AST-2012-014 and AST-2012-015, and replaces the previous version of Asterisk 11released ..
If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.Management of the memory in question has been reworked so that double frees and out of bounds array acc..
We saw some activity related to this FreePBX unpatched vulnerability this past weekend on some hosted PBXes. http://seclists.org/fulldisclosure/2012/Mar/234 Usually we see the typical SIP Vicious attacks, but this one is much more involved and dangero..