[asterisk-announce] Asterisk 10.5.1 Now Available (Security Release)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The Asterisk Development Team has announced a security release for Asterisk 10.
This security release is released as version 10.5.1.

The release is available for immediate download at 
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 10.5.1 resolves the following issue:

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
  Channel driver. When an SCCP client sends an Off Hook message, followed by
  a Key Pad Button Message, a structure that was previously set to NULL is
  dereferenced.  This allows remote authenticated connections the ability to
  cause a crash in the server, denying services to legitimate users.

This issue and its resolution is described in the security advisory.

For more information about the details of this vulnerability, please read 
security advisory AST-2012-009, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1

The security advisory is available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-009.pdf

Thank you for your continued support of Asterisk!










[Index of Archives]     [Asterisk App Development]     [PJ SIP]     [Asterisk SS7]     [Gnu Gatekeeper]     [IETF Sipping]     [Info Cyrus]     [ALSA User]     [Fedora Linux Users]     [Linux SCTP]     [DCCP]     [Gimp]     [Yosemite News]     [Deep Creek Hot Springs]     [Yosemite Campsites]     [ISDN Cause Codes]     [Asterisk Books]

  Powered by Linux