[asterisk-dev] Asterisk Security Releases: AST-2011-001

Asterisk Development Team asteriskteam at digium.com
Tue Jan 18 10:38:55 CST 2011


The Asterisk Development Team has announced security releases for the following
versions of Asterisk:

* 1.4.38.1
* 1.4.39.1
* 1.6.1.21
* 1.6.2.15.1
* 1.6.2.16.1
* 1.8.1.2
* 1.8.2.1

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
in pedantic mode, which can cause a stack buffer to be made to overflow if
supplied with carefully crafted caller ID information. The issue and resolution
are described in the AST-2011-001 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-001, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1

Security advisory AST-2011-001 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-001.pdf

Thank you for your continued support of Asterisk!



More information about the asterisk-dev mailing list