The Asterisk Development Team has announced the release of Asterisk 1.2.37,
1.4.27.1, 1.6.0.19, and 1.6.1.11. These releases are available for immediate
download at http://downloads.asterisk.org/pub/telephony/asterisk/
These releases have been created in response to a SIP remote crash
vulnerability.
Additionally, Asterisk versions 1.4.27.1, 1.6.0.19, and 1.6.1.11 also contain an
SDP regression fix as described in issue #16268.
Asterisk 1.6.0.19, and 1.6.1.11 contains an additional SDP regression fix as
described by issue #16238.
Information about the SDP issues can be found at
https://issues.asterisk.org/view.php?id=16268 and
https://issues.asterisk.org/view.php?id=16238
For more information about the details of this vulnerability, please read the
security advisory AST-2009-010, which was released at the same time as this
announcement.
The security advisory is available at
http://downloads.asterisk.org/pub/security/AST-2009-010.pdf
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.2.37
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.27.1
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.19
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.11
Thank you for your continued support of Asterisk!