Asterisk Development Team
2011-Jan-18 16:38 UTC
[asterisk-users] Asterisk Security Releases: AST-2011-001
The Asterisk Development Team has announced security releases for the following versions of Asterisk: * 1.4.38.1 * 1.4.39.1 * 1.6.1.21 * 1.6.2.15.1 * 1.6.2.16.1 * 1.8.1.2 * 1.8.2.1 These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory. For more information about the details of this vulnerability, please read the security advisory AST-2011-001, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1 Security advisory AST-2011-001 is available at: http://downloads.asterisk.org/pub/security/AST-2011-001.pdf Thank you for your continued support of Asterisk!
Maybe Matching Threads
- Asterisk Security Releases: AST-2011-001
- Asterisk 1.8.2.2 Now Available (Security Release)
- Asterisk 1.8.2.2 Now Available (Security Release)
- AST-2011-001: Stack buffer overflow in SIP channel driver
- Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 Now Available