(Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released

The Asterisk.org development team has released four new versions of Asterisk to address critical security vulnerabilities.

AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling.

AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf.

AST-2008-004 details some format string vulnerabilities that were found in the code handling the Asterisk logger and the Asterisk manager interface.

Asterisk 1.2.27 and 1.4.18.1 are releases that only contain changes to fix these security vulnerabilities.

In addition to fixes for these security issues, 1.4.19-rc3 and 1.6.0-beta6 contain a number of other bug fixes over the previous release candidates and beta releases for the upcoming 1.4.19 and 1.6.0 releases.

We encourage all affected users of these security vulnerabilities to upgrade their installations as time permits.

Thank you for your continued support of Asterisk!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s