These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems configured for T.38 pass through or termination are vulnerable. The issue and resolution are described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-002, which was released at the same time as this announc"> .msg_list {margin: 0px;padding: 0px;width: 100%; } .msg_head {padding: 5px 10px;cursor: pointer;position: relative;background-color:#f4f4ff;border: 1px solid #ccc;margin:0px; } .msg_body {padding: 5px 10px 15px;background-color:#F4F4F8; display: none;border: 1px solid #ccc;border-top: 0px; } .msg_body_2 {padding: 5px 10px 15px;background-color:#F4F4F8; }
Home Asterisk News Phone Systems Call Centres Exchanges Partners White Label Software About Us
Daily Asterisk News New: Submit a news story!
Asterisk Interviews
Asterisk Applications
Daily Asterisk News
AsteriskWatch
Follow on Twitter
iPhone Apps
Tue, 22 Feb 2011 17:12:23 -0400 
The Asterisk Development Team has announced security releases for Asterisk branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems configured for T.38 pass through or termination are vulnerable. The issue and resolution are described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-002, which was released at the same time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
ChangeLog-1.4.39.2
ChangeLog-1.6.1.22
ChangeLog-1.6.2.16.2
ChangeLog-1.8.2.4
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
Thank you for your continued support of Asterisk!
You haven't voted yet! Vote: 12345678910Select a Vote Current Rating: 8/10 (1 votes)
Comments (Click to post)
Name: Subject: Website: Message: Similar Articles (Based on Title)DUNDi is available for use with v1-0 - October 23, 2004
BKW has released a .tar.gz file so that you can use DUNDi with Asterisk 1.0
Asterisk-Users: Asterisk 1.0.2 rpms now available for FC1 - October 27, 2004
Andrew McRory has posted details of the rpms for Asterisk 1.0.2
Asterisk-Users: RPMS for Fedora Core 2 now available - November 9, 2004
Andrew McRory has posted information on the RPMs of Asterisk for Fedora Core 2.
asterisk-oh323: New versions available - December 22, 2004
Michael Manousos has announced new versions of chan_oh323 from inaccessnetworks.
New 4-Port BRI card Sirrix.PCI4S0 with Asterisk support available - January 9, 2005
Oskar Senft has posted details of the 4-Port BRI card Sirrix.PCI4S0 with Asterisk support to the Asterisk-biz mailing list.
*-Dev: New jitterbuffer and Packet Loss Concealment preview/prototype patch available in tracker. - January 21, 2005
Steve Kann has posted details of the latest patch added to the bugtracker.
Linux Bridge + QoS Shaper HOWTO available - January 28, 2005
Ron Senykoff has posted details of a HOWTO he has written.
DIAX version 0.9.10a available for download - February 9, 2005
Dan has posted details of the latest version of his IAX softphone - DIAX - to the Asterisk-Users mailing list.
DIAX 0.9.10f available for download - March 12, 2005
Dan has posted details of the release of the latest version of the DIAX softphone.
UNISTIM channel driver available - March 12, 2005
Andres has posted details of a release from Cedric Hans of a UNISTIM channel driver for Asterisk.
Iaxclient-devel: Kiax 0.8.3 available - March 18, 2005
Emil Stoyanov has posted details of the latest release of Kiax.
AstLinux 0.2.5.5 now available for testing (includes ISDN/BRI) - April 15, 2005
Kristian Kielhofner has posted details of the pre-release of what will become 0.2.6 of AstLinux.
Original Content (C) 2004-2010Matt Riddell
Icons by: FastIcon.com
Asterisk: The Definitive Guide book available for pre order and public review
October 21, 2010 Average Vote: 10
The 3rd edition of the Asterisk book is on its way and available for public review and pre-order.
Submit your own stories
September 21, 2010 Average Vote: 10
We have made a pretty big update to the Daily Asterisk News. You can now submit your own stories! There is now a link at the top of the Daily Asterisk News. Just click the link, fill out the form and we will check over your story and submit it.
First HD Conference In Asterisk
February 21, 2011 Average Vote: 10
Leif Madsen has posted details of a successful public HD conference using Asterisk.
Introducing the new ConfBridge
February 24, 2011 Average Vote: 10
David Vossel has posted details of the new ConfBridge in Asterisk.
Tropo Now Speaks Asterisk Gateway Interface (AGI)
October 4, 2010 Average Vote: 10
Jason Goeke has posted a link to an article about Tropo support for Asterisk via AGI.
The Everything Asterisk Video Collection
August 5, 2010 Average Vote: 10
Steven Sokol has posted a blog entry on Asterisk Video Resources.
AstriDevCon: October 29th, Washington DC
August 23, 2010 Average Vote: 10
John Todd has posted a note about the AstriDevCon conference which occurs within the Astricon conference.
Using locked PAP2 and PAP2-NA with Asterisk
August 23, 2005 Average Vote: 10
VoIPHacker has posted details on how to unlock a PAP2 and PAP2-NA.
Asterisk 1.10 Update
February 17, 2011 Average Vote: 10
Russell Bryant has posted some information about Asterisk 1.10.
Asterisk-Fax
May 19, 2005 Average Vote: 10
Just thought I'd provide a pointer to the Asterisk-Fax site (it came up on Asterisk-Users).
Asterisk and Kamailio (openser) realtime integration
August 5, 2010 Average Vote: 9.9
Daniel-Constantin Mierla posted a writeup on combining Asterisk and Kamailio.
Interview with Mark Spencer
November 26, 2004 Average Vote: 9.9
We have managed to get an interview with Mark Spencer AKA Markster. Mark Spencer is the creator of Asterisk and by far the most active developer.
ZORG new C++ and Java ZRTP implementation public release
January 13, 2011 Average Vote: 9.9
Andrea Cristofanini from PrivateWave has sent us across a press release about a new Open Source encryption implementation.
Asterisk IPv6 update
February 1, 2010 Average Vote: 9.8
Olle has posted an update on IPV6 in Asterisk and a link to a blog post of his.
Proposal for T.38 transparent gateway design in Asterisk
April 29, 2010 Average Vote: 9.8
Kevin Fleming has posted a proposed design for a transparent T.38 gateway for Asterisk:
A2Billing 1.9 (Cuprum) released
March 2, 2011
Areski has posted details of the latest release of A2Billing.
Using exec to set externaddr in sip.conf
March 1, 2011
Leif Madsen has put together a script to use cURL via PHP to set externaddr in sip.conf.
Asterisk 1.4.40, 1.6.2.17 and 1.8.3 released.
March 1, 2011
The Asterisk Development Team has announced the release of Asterisk 1.4.40, 1.6.2.17 and 1.8.3.
Introducing the new ConfBridge
February 24, 2011
David Vossel has posted details of the new ConfBridge in Asterisk.
Adhearsion 1.0.1 Released
February 24, 2011
Ben Klang has posted details of the latest version of Adhearsion - the Open Source Ruby language framework for creating telephony applications.
Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 Now Available
February 23, 2011
The Asterisk Development Team has announced security releases for Asterisk branches 1.4, 1.6.1, 1.6.2, and 1.8.
AST-2011-002: Multiple array overflow and crashvulnerabilities in UDPTL code
February 22, 2011
The Asterisk Project has release a security advisory.
AstLinux 0.7.6 Released
February 21, 2011
The AstLinux Team have announced the release of the latest version of their embedded operating system with Asterisk.
First HD Conference In Asterisk
February 21, 2011
Leif Madsen has posted details of a successful public HD conference using Asterisk.
Chan SS7 2.0.0 released
February 18, 2011
Anders Baekgaard from Netfors has posted details of the latest release of their SS7 Channel for Asterisk.
No comments:
Post a Comment