Sippy Software, Inc.

The following Security Advisories have been published for the 4.5 Release of Sippy Softswitch.  Links outlining the specific details can be found in the security Advisory column in the table blow.  Fixes for known issues will only be applied to supported versions at the time the security advisory has been addressed by our development team.

We hope to keep our customers up to date about the latest security issues identified using this forum going forward until the our 4.5 version is no longer supported.

Security Advisory	Sippy Internal Issue	Discovered	Resolved	Summary	Affects Version	Fixed Version
SA-0002	SS-2467	05/03/2017	05/26/2017	A problem has been identified with root logins after initial installation. Customers who have not changed their root passwords since the inital installation are highly recommended to change the root password of their system.	5.0 and Earlier	4.5 and 5.0
SA-0001	SS-2874	12/18/2017	02/02/2018	A problem has been identified with our logging system. The logging system will display sensitive user information to those who have gain access to the log. The correction will now mask the sensitive user data in question	5.0 and Earlier	4.5 and 5.0
SA-0003	SS-2403	03/20/2017	03/26/2017	OpenSSL issue was reported in FreeBSD versions 10.3 and 11.0 that affected 32 bit SSL\TLS client or servers. Truncated packeets can cause the server or client to perform an out of bound read usually resulting in a crash. More details can be found here https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc	FreeBSD 10.3 p17 and FreeBSD 11.0	FreeBSD 10.3 r312863 and FreeBSD 11.0 r. 312826