[asterisk-announce] Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 Now Available

Asterisk Development Team asteriskteam at digium.com
Tue Feb 22 07:02:06 CST 2011


The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.22
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.4

Security advisory AST-2011-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

Thank you for your continued support of Asterisk!



More information about the asterisk-announce mailing list