[asterisk-users] Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 Now Available

Ishfaq Malik ish at pack-net.co.uk
Tue Feb 22 09:16:11 CST 2011 

Has this issue been fixed in this release of 1.8 (or even in the
previous 1.8.2.3)?

https://issues.asterisk.org/bug_view_advanced_page.php?bug_id=18403

Thanks

Ish

On Tue, 2011-02-22 at 08:02 -0500, Asterisk Development Team wrote:
> The Asterisk Development Team has announced security releases for Asterisk
> branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
> released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
> 
> These releases are available for immediate download at
> http://downloads.asterisk.org/pub/telephony/asterisk/releases
> 
> The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
> issue that when decoding UDPTL packets, multiple stack and heap based arrays can
> be made to overflow by specially crafted packets. Systems configured for
> T.38 pass through or termination are vulnerable. The issue and resolution are
> described in the AST-2011-002 security advisory.
> 
> For more information about the details of this vulnerability, please read the
> security advisory AST-2011-002, which was released at the same time as this
> announcement.
> 
> For a full list of changes in the current release, please see the ChangeLog:
> 
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.2
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.22
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.4
> 
> Security advisory AST-2011-002 is available at:
> 
> http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
> 
> Thank you for your continued support of Asterisk!
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

-- 
Ishfaq Malik
Software Developer
PackNet Ltd

Office:   0161 660 3062

More information about the asterisk-users mailing list