[asterisk-security] Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 Now Available
Asterisk Development Team
asteriskteam at digium.com
Thu Feb 25 16:39:30 CST 2010
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.0.25
* 1.6.1.17
* 1.6.2.5
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.
It should also be noted that release candidates for the 1.6.x series of Asterisk
have been skipped (1.6.0.23-rc2, 1.6.1.15-rc2, and 1.6.2.3-rc2). New release
candidates will be released as 1.6.0.26-rc1, 1.6.1.18-rc1, and 1.6.2.6-rc1
pending another security release.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.25
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
Thank you for your continued support of Asterisk!
More information about the asterisk-security
mailing list