Asterisk Development Team
2011-Jun-28 20:54 UTC
[asterisk-users] Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 Now Available (Security Releases)
The Asterisk Development Team has announced the release of Asterisk versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security releases. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the following issue: AST-2011-011: Asterisk may respond differently to SIP requests from an invalid SIP user than it does to a user configured on the system, even when the alwaysauthreject option is set in the configuration. This can leak information about what SIP users are valid on the Asterisk system. For more information about the details of this vulnerability, please read the security advisory AST-2011-011, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.4 Security advisory AST-2011-011 is available at: http://downloads.asterisk.org/pub/security/AST-2011-011.pdf Thank you for your continued support of Asterisk!
Reasonably Related Threads
- Asterisk 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, 11.2.2 Now Available (Security Release)
- Asterisk 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, 11.2.2 Now Available (Security Release)
- Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release)
- Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release)
- Asterisk 1.6.1.23, 1.6.1.17.1 and 1.8.3.1 Now Available (Security Releases)
Wisdom of the Ancients
