[Enswitch-announce] Important Asterisk security update AST-2011-002
Alistair Cunningham
acunningham at integrics.com
Mon Feb 21 23:46:29 GMT 2011
A security vulnerability has been discovered in all versions of Asterisk
released before 2011-02-21. It only affects systems that have T.38 or
H.323 enabled. Details can be found at:
http://www.venturevoip.com/news.php?rssid=2506
All Enswitch customers are advised to either:
1. Set "t38pt_udptl = no" in sip.conf to disable T.38, add "noload =>
chan_ooh323" to modules.conf to disable H.323, and restart Asterisk.
or:
2. Upgrade to the latest Asterisk versions by upgrading to the latest
Enswitch fixes released today, running one of the following commands
(depending on the version of Asterisk in use), and restarting Asterisk.
enswitch install -u asterisk-14
enswitch install -u asterisk-16
enswitch install -u asterisk-18
It's important to use the same major version as currently running, as
there are configuration changes required between major versions.
This should be done on a test machine without delay, then Asterisk
functionality tested, then done on production machines. If you would
prefer that Enswitch support perform either of the above, please open a
Mantis ticket and we'd be happy to do this as part of normal Enswitch
support.
--
Alistair Cunningham
+1 888 468 3111
+44 20 799 39 799
http://integrics.com/
More information about the Enswitch-announce
mailing list