Start a new topic

4.5 Security Advisories

The following Security Advisories have been published for the 4.5 Release of Sippy Softswitch.  Links outlining the specific details can be found in the security Advisory column in the table blow.  Fixes for known issues will only be applied to supported versions at the time the security advisory has been addressed by our development team.

We hope to keep our customers up to date about the latest security issues identified using this forum going forward until the our 4.5 version is no longer supported.

Security Advisory Sippy Internal Issue Discovered Resolved Summary Affects Version Fixed Version
SA-0002 SS-2467 05/03/2017 05/26/2017 A problem has been identified with root logins after initial installation. Customers who have not changed their root passwords since the inital installation are highly recommended to change the root password of their system. 5.0 and Earlier 4.5 and 5.0
SA-0001 SS-2874 12/18/2017 02/02/2018 A problem has been identified with our logging system. The logging system will display sensitive user information to those who have gain access to the log. The correction will now mask the sensitive user data in question 5.0 and Earlier 4.5 and 5.0
SS-2403 03/20/2017 03/26/2017 OpenSSL issue was reported in FreeBSD versions 10.3 and 11.0 that affected 32 bit SSL\TLS client or servers. Truncated packeets can cause the server or client to perform an out of bound read usually resulting in a crash. More details can be found here FreeBSD 10.3 p17 and FreeBSD 11.0 FreeBSD 10.3 r312863 and FreeBSD 11.0 r. 312826