The Asterisk Development Team has announced a security release for Asterisk 1.8. The available security release is released as version 1.8.7.1.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can lead to a remotely exploitable crash: Remote Crash Vulnerability in SIP channel driver (AST-2011-012) The issue and resolution is described in the AST-2011-012 security advisory. For more information about the details of this vulnerability, please read the security advisory AST-2011-012, which was released at the same time as this announcement. For a full list of changes in the current release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.1 Security advisory AST-2011-012 is available at: http://downloads.asterisk.org/pub/security/AST-2011-012.pdf Thank you for your continued support of Asterisk! -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-security mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-security
