«
»

Asterisk 1.6.0.22, Asterisk 1.6.1.14, Asterisk 1.6.2.2 Released


Asterisk The Open Source PBX & Telephony Platform

Asterisk The Open Source PBX & Telephony Platform

The Asterisk Development Team has announced security releases for Asterisk as the following versions:

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/

The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix described in security advisory AST-2010-001.

The issue is that an attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash will occur when the FaxMaxDatagram field is omitted from the SDP, as well.

For more information about the details of this vulnerability, please read the security advisory AST-2010-001, which was released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

Security advisory AST-2010-001 is available at:
http://asterisk.net.ru/en/2010/02/03/asterisk-security-advisory-ast-2010-001-t-38-remote-crash-vulnerability/

Thank you for your continued support of Asterisk!

Share and Enjoy:
  • PDF
  • Print
  • email
  • RSS
  • Twitthis
  • Google Bookmarks
  • Twitter
  • Facebook
  • Digg
  • Technorati
  • MySpace
  • del.icio.us
  • LinkedIn
  • Slashdot
  • Reddit
  • Yahoo! Bookmarks
  • Live
  • MSN Reporter
  • Yahoo! Buzz
  • Ping.fm
  • Mixx
  • MyShare
  • SphereIt
  • Yigg
  • BlinkList
  • blogmarks
  • Blogosphere News
  • Current
  • Diigo
  • DZone
  • Fleck
  • FriendFeed
  • HelloTxt
  • Suggest to Techmeme via Twitter
  • ThisNext
  • Sphinn
  • BarraPunto
  • Bitacoras.com
  • BlogMemes Fr
  • BlogMemes Sp
  • blogtercimlap
  • co.mments
  • connotea
  • Design Float
  • DotNetKicks
  • eKudos
  • Fark
  • Faves
  • FSDaily
  • Global Grind
  • Gwar
  • HackerNews
  • Haohao
  • HealthRanker
  • Hemidemi
  • Hyves
  • Identi.ca
  • IndianPad
  • Internetmedia
  • Kirtsy
  • laaik.it
  • LinkaGoGo
  • LinkArena
  • Linkter
  • Meneame
  • MisterWong
  • MisterWong.DE
  • muti
  • N4G
  • Netvibes
  • Netvouz
  • NewsVine
  • NuJIJ
  • Posterous
  • ppnow
  • Propeller
  • Ratimarks
  • Rec6
  • Scoopeo
  • Segnalo
  • Simpy
  • Socialogs
  • StumbleUpon
  • Symbaloo
  • Tipd
  • Tumblr
  • Upnews
  • Webnews.de
  • Webride
  • Wikio
  • Wikio FR
  • Wikio IT
  • Wists
  • Wykop
  • Xerpi
  • 豆瓣
  • 豆瓣九点
  • Add to favorites
  • Blogplay
  • Diggita
  • LaTafanera
  • MOB
  • QQ书签
  • SheToldMe
  • viadeo FR

Related Posts

  1. Asterisk Security Advisory – AST-2010-001: T.38 Remote Crash Vulnerability
  2. Asterisk 1.6.0.11-rc2, 1.6.1.2, 1.6.1.3-rc1, and 1.6.2.0-beta4 Release Announcement
  3. Asterisk 1.2.34, Asterisk 1.4.26.1, Asterisk 1.6.0.13, and Asterisk 1.6.1.4 released
  4. Asterisk 1.6.0.21 Now Available
  5. Asterisk Security Advisory – AST-2009-005: Remote Crash Vulnerability in SIP channel driver

, , , , , , , , , , ,

This entry was posted on February 3, 2010, 1:28 am and is filed under Asterisk Security Advisories, Releases, Security Advisories, asterisk, sip, t.38. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. No comments yet.

You must be logged in to post a comment.