[asterisk-dev] Asterisk 1.8.8.2 and 10.0.1 Now Available (Security Release)

Asterisk Development Team asteriskteam at digium.com
Thu Jan 19 18:00:00 CST 2012


The Asterisk Development Team has announced security releases for Asterisk 1.8
and 10. The available security releases are released as versions 1.8.8.2 and
10.0.1.  Please note that the security vulnerability in Asterisk 1.8 and 10
does not exist for Asterisk versions 1.4 or 1.6.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

The issue and its resolution is described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisory AST-2012-001, which were released at the same time as this 
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.8.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.0.1

Security advisory AST-2012-001 is available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-001.pdf

Thank you for your continued support of Asterisk!



More information about the asterisk-dev mailing list