June 16, 2014

FreePBX has released updates that fix several vulnerabilities in Asterisk®. Users of the FreePBX Distro can use the provided update scripts or SysAdmin Pro module to update their existing systems.
The updates released today are for the latest supported versions of Asterisk found in the following FreePBX Distro Tracks: 5.211.65-13 (STABLE) and 6.12.65.-11 (ALPHA).
Users can follow the instructions found on our wiki to keep their systems up to date. Updates can be run via the CLI, or directly from the PBX Administration GUI for users of our SysAdmin Pro Commercial Module.
DIGIUM® has today announced a security release of ASTERISK® 1.8.x, 11.x, and 12.x.
The security advisories are available at:
- FIXES CVE-2014-4045 Remote Crash in PJSIP Channel Driver Publish/Subscribe Framework (Affected version Asterisk 12.x) http://downloads.asterisk.org/pub/security/AST-2014-005.pdf
- FIXES CVE-2014-4046 Asterisk Manager User Unauthorized Shell Access (Affected version Asterisk 11.x, 12.x) http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
- FIXES CVE-2014-4047 Exhaustion of Allowed Concurrent HTTP Connections (Affected version Asterisk 1.8.x, 11.x, 12.x) http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
ASTERISK® and DIGIUM® are registered trademarks of Digium, Inc.
FreePBX® is a registered trademark of Schmooze Com Inc.