Asterisk Security Patch: No More Snooping for You!

The Asterisk Development Team has rolled out Certified Asterisk 20.7-cert4. This update tightens security by confining AMI ListCategories to the configuration directory. So no more accidental file sightseeing! Download your drama-free version now.

1P
Published: January 16, 2025 4:33 amAdded: January 15, 2025 at 9:02 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

In a world where hackers are constantly knocking on our digital doors, Asterisk just installed a new security peephole and chain lock. Kudos to Ben Ford for slamming the door on sneaky cyber intruders and reminding us all that not all heroes wear capes—some just write really good code.

Key Points:

  • Certified Asterisk 20.7-cert4 is now available with a significant security update.
  • The update resolves a path traversal vulnerability in the Asterisk Manager Interface (AMI).
  • The issue allowed unauthorized file access outside the configuration directory.
  • Ben Ford authored the critical fix, restricting file access to the configured directory.
  • No other issues or advisory resolutions were included in this release.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?