The Asterisk Development Team has announced security releases for the following versions of Asterisk: * 1.6.0.25 * 1.6.1.17 * 1.6.2.5 These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with invalid parsing of ACL (Access Control List) rules leading to a possible compromise in security. The issue and resolution are described in the AST-2010-003 security advisory. For more information about the details of this vulnerability, please read the security advisory AST-2010-003, which was released at the same time as this announcement. It should also be noted that release candidates for the 1.6.x series of Asterisk have been skipped (1.6.0.23-rc2, 1.6.1.15-rc2, and 1.6.2.3-rc2). New release candidates will be released as 1.6.0.26-rc1, 1.6.1.18-rc1, and 1.6.2.6-rc1 pending another security release. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.25 http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17 http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5 Security advisory AST-2010-003 is available at: http://downloads.asterisk.org/pub/security/AST-2010-003.pdf Thank you for your continued support of Asterisk!
|