[asterisk-announce] Asterisk 1.8.8.2 and 10.0.1 Now Available (Security Release)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The Asterisk Development Team has announced security releases for Asterisk 1.8
and 10. The available security releases are released as versions 1.8.8.2 and
10.0.1.  Please note that the security vulnerability in Asterisk 1.8 and 10
does not exist for Asterisk versions 1.4 or 1.6.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

The issue and its resolution is described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisory AST-2012-001, which were released at the same time as this 
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.8.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.0.1

Security advisory AST-2012-001 is available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-001.pdf

Thank you for your continued support of Asterisk!



[Index of Archives]     [Asterisk App Development]     [PJ SIP]     [Asterisk SS7]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]     [Asterisk Books]

  Powered by Linux