Some people bawk at the mere discussion of the need to patch, especially those systems that run mission-critical applications. The Asterisk community recently released versions 1.2.27, 1.4.18.1, 1.4.19-rc3, and 1.6.0-beta6. This, in response to the newly discovered security vulnerabilities found, is what I would consider a 'timely' and important release.
I've heard rumblings and "beneath the breath" comments about the latest discovery of security vulnerabilities in the Asterisk platform, but for me, it literally shows that the entire community that supports and develops Asterisk is wide-awake and ready to respond immediately to any security-related problems. Now, if we could get the more mainstream vendors to be as quick to respond, then we'd have something.
As a proud member of the open-source community, we need to applaud the developers and researchers for providing more-than-ample notifications and solutions to the latest threats against their software.
FYI: I just installed the latest release (1.4.18.1 to be exact) on all of my production Asterisk servers, and it was smooth as silk. Now if only my Windows Updates would take less than five minutes and only require restarting one service...
Nickasch has been very involved in IT since he was just 13. His current and previous consulting experience includes systems architecture, virtualization, and converged networks for the financial, education, and healthcare industries. Matthew currently attends the University of Wisconsin-Platteville, where he also works as a network management assistant. While his interests include directory services and routing protocols, Nickasch's focus is on converged networks and voice over IP.
|
|
