Not sure if everyone saw the security bulletins this week, but two new critical Asterisk security bugs were released this week.
For anyone still running Asterisk 1.6 on a publicly exposed server: I tested both of these remote crash vulnerabilities and found that while Asterisk 1.6.2.24 doesn't crash with the issue identified in AST-2013-004, it does crash with the SDP issue discovered in AST-2013-005.

To help the community, I back-ported the patch for AST-2013-005 to Asterisk 1.6 and put it up on my blog: http://www.mgamble.ca/blog/2013/08/30/patch-for-ast-2013-005-asterisk-1-6/

Or, for the impatient who don't want to read about it, you can grab the patch directly from http://www.mgamble.ca/public/AST-2013-005-1.6.2.24.diff

Hopefully anyone out there still running 1.6 will either apply the relevant patches or upgrade to a newer release, as this is a remote crash issue that will take down a running system.
