<div dir="auto"></div><div class="gmail_quote">---------- Mensagem encaminhada ----------<br>De: &quot;Asterisk Development Team&quot; &lt;<a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a>&gt;<br>Data: 4 de abr de 2017 11:55<br>Assunto: [asterisk-dev] Asterisk 13.13-cert3, 13.14.1, 14.3.1 Now Available (Security Release)<br>Para: &quot;Asterisk Developers Mailing List&quot; &lt;<a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a>&gt;<br>Cc: <br><br type="attribution"><div dir="ltr"><span style="font-size:12.8px">The Asterisk Development Team has announced security releases for </span><span style="font-size:12.8px">Certified </span><span style="font-size:12.8px">Asterisk 13.13 and Asterisk 13 and 14. The available security releases </span><span style="font-size:12.8px">are released as versions 13.13-cert3, 13.14.1, and 14.3.1.</span><div><br style="font-size:12.8px"><span style="font-size:12.8px">These releases are available for immediate download at</span></div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases" rel="noreferrer" style="font-size:12.8px" target="_blank">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/release<wbr>s</a></div><div><br><span style="font-size:12.8px">The release of these versions resolves the following security </span><span style="font-size:12.8px">vulnerabilities:</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">* AST-2017-001: Buffer overflow in CDR&#39;s set user</span></div><div><span style="font-size:12.8px">  No size checking is done when setting the user field on a CDR. Thus,</span></div><div>  <span style="font-size:12.8px">it is possible for someone to use an arbitrarily large string and</span><span style="font-size:12.8px"> write past</span></div><div>  <span style="font-size:12.8px">the end of the user field storage buffer. This allows the possibility </span><span style="font-size:12.8px">of </span><span style="font-size:12.8px">remote</span></div><div><span style="font-size:12.8px">  </span><span style="font-size:12.8px">code injection.</span></div><div><br style="font-size:12.8px"><span style="font-size:12.8px">For a full list of changes in the current releases, please see the </span><span style="font-size:12.8px">ChangeLogs:</span></div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.13-cert3" rel="noreferrer" style="font-size:12.8px" target="_blank">http://downloads.asterisk.org/<wbr>pub/telephony/certified-asteri<wbr>sk/releases/ChangeLog-13.13-<wbr>cert3</a><br style="font-size:12.8px"><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.14.1" rel="noreferrer" style="font-size:12.8px" target="_blank">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/release<wbr>s/ChangeLog-13.14.1</a><br style="font-size:12.8px"><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.3.1" rel="noreferrer" style="font-size:12.8px" target="_blank">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/release<wbr>s/ChangeLog-14.3.1</a><br style="font-size:12.8px"><br><span style="font-size:12.8px">The security advisories are available at:</span></div><div><br style="font-size:12.8px"><span style="font-size:12.8px"> * </span><a href="http://downloads.asterisk.org/pub/security/AST-2017-001.pdf" rel="noreferrer" style="font-size:12.8px" target="_blank">http://downloads.asterisk.<wbr>org/pub/security/AST-2017-001.<wbr>pdf</a></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thank you for your continued support of Asterisk!</span></div></div>
<br>--<br>
______________________________<wbr>______________________________<wbr>_________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
   <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" rel="noreferrer" target="_blank">http://lists.digium.com/<wbr>mailman/listinfo/asterisk-dev</a><br></div>