[asterisk-dev] Asterisk Security Releases: AST-2011-001
Asterisk Development Team
asteriskteam at digium.com
Tue Jan 18 10:38:55 CST 2011
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.4.38.1
* 1.4.39.1
* 1.6.1.21
* 1.6.2.15.1
* 1.6.2.16.1
* 1.8.1.2
* 1.8.2.1
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
in pedantic mode, which can cause a stack buffer to be made to overflow if
supplied with carefully crafted caller ID information. The issue and resolution
are described in the AST-2011-001 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-001, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1
Security advisory AST-2011-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
Thank you for your continued support of Asterisk!
More information about the asterisk-dev
mailing list