[asterisk-announce] Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 Now Available

Asterisk Development Team asteriskteam at digium.com
Thu Feb 25 16:39:30 CST 2010


The Asterisk Development Team has announced security releases for the following
versions of Asterisk:

* 1.6.0.25
* 1.6.1.17
* 1.6.2.5

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.

It should also be noted that release candidates for the 1.6.x series of Asterisk
have been skipped (1.6.0.23-rc2, 1.6.1.15-rc2, and 1.6.2.3-rc2). New release
candidates will be released as 1.6.0.26-rc1, 1.6.1.18-rc1, and 1.6.2.6-rc1
pending another security release.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.25
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5

Security advisory AST-2010-003 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-003.pdf

Thank you for your continued support of Asterisk!



More information about the asterisk-announce mailing list