[asterisk-users] Asterisk 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 Now Available (Security Release)

Thu, 23 Jun 2011 13:14:30 -0700 

The Asterisk Development Team has announced the release of Asterisk versions
1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues 
as outlined below:

* AST-2011-008: If a remote user sends a SIP packet containing a null,
  Asterisk assumes available data extends past the null to the
  end of the packet when the buffer is actually truncated when
  copied.  This causes SIP header parsing to modify data past
  the end of the buffer altering unrelated memory structures.
  This vulnerability does not affect TCP/TLS connections.
  -- Resolved in 1.6.2.18.1 and 1.8.4.3
* AST-2011-009: A remote user sending a SIP packet containing a Contact header 
  with a missing left angle bracket (<) causes Asterisk to
  access a null pointer.
  -- Resolved in 1.8.4.3

* AST-2011-010: A memory address was inadvertently transmitted over the
network via IAX2 via an option control frame and the remote party would try 
  to access it.
  -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
The issues and resolutions are described in the AST-2011-008, AST-2011-009, and 
AST-2011-010 security advisories.

For more information about the details of these vulnerabilities, please read
the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were 
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog: 

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3
Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available 
at:

http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
http://downloads.asterisk.org/pub/security/AST-2011-010.pdf

Thank you for your continued support of Asterisk!

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
              http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to