The Asterisk Development Team has announced the release of Asterisk 1.2.37, 1.4.27.1, 1.6.0.19, and 1.6.1.11. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ These releases have been created in response to a SIP remote crash vulnerability. Additionally, Asterisk versions 1.4.27.1, 1.6.0.19, and 1.6.1.11 also contain an SDP regression fix as described in issue #16268. Asterisk 1.6.0.19, and 1.6.1.11 contain an additional SDP regression fix as described by issue #16238. Information about the SDP issues can be found at https://issues.asterisk.org/view.php?id=16268 and https://issues.asterisk.org/view.php?id=16238 For more information about the details of this vulnerability, please read the security advisory AST-2009-010, which was released at the same time as this announcement. The security advisory is available at http://downloads.asterisk.org/pub/security/AST-2009-010.pdf For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.2.37 http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.27.1 http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.19 http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.11 Thank you for your continued support of Asterisk!
|