The Asterisk Development Team has announced security releases for Asterisk 1.8 and 10. The available security releases are released as versions 1.8.8.2 and 10.0.1. Please note that the security vulnerability in Asterisk 1.8 and 10 does not exist for Asterisk versions 1.4 or 1.6.2.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue wherein an attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded. The issue and its resolution is described in the security advisory. For more information about the details of these vulnerabilities, please read the security advisory AST-2012-001, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.8.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.0.1 Security advisory AST-2012-001 is available at: * http://downloads.asterisk.org/pub/security/AST-2012-001.pdf Thank you for your continued support of Asterisk! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
