[prev in list] [next in list] [prev in thread] [next in thread] 

List:       asterisk-dev
Subject:    [asterisk-dev] Asterisk 1.4.41.2, 1.6.2.18.2,
From:       Asterisk Development Team <asteriskteam () digium ! com>
Date:       2011-06-28 20:54:57
Message-ID: 4E0A3FA1.1070101 () digium ! com
[Download RAW message or body]

The Asterisk Development Team has announced the release of Asterisk versions
1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security releases.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
following issue:

AST-2011-011: Asterisk may respond differently to SIP requests from an
invalid SIP user than it does to a user configured on the system, even 
when the
alwaysauthreject option is set in the configuration. This can leak 
information
about what SIP users are valid on the Asterisk system.

For more information about the details of this vulnerability, please read
the security advisory AST-2011-011, which was released at the same time 
as this
announcement.

For a full list of changes in the current releases, please see the 
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.4

Security advisory AST-2011-011 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-011.pdf

Thank you for your continued support of Asterisk!

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic