<html><body bgcolor="#FFFFFF"><div><br>Begin forwarded message:<br><br></div><blockquote type="cite"><div><b>From:</b> Asterisk Development Team &lt;<a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a>&gt;<br><b>Date:</b> June 23, 2011 17:14:19 BRT<br><b>To:</b> <a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a><br><b>Subject:</b> <b>[asterisk-dev] Asterisk 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 Now Available (Security Release)</b><br><b>Reply-To:</b> Asterisk Developers Mailing List &lt;<a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a>&gt;<br><br></div></blockquote><div></div><blockquote type="cite"><div><span>The Asterisk Development Team has announced the release of Asterisk versions</span><br><span>1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.</span><br><span></span><br><span>These releases are available for immediate download at</span><br><span><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases">http://downloads.asterisk.org/pub/telephony/asterisk/releases</a></span><br><span></span><br><span>The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues</span><br><span>as outlined below:</span><br><span></span><br><span>* AST-2011-008: If a remote user sends a SIP packet containing a null,</span><br><span> &nbsp;Asterisk assumes available data extends past the null to the</span><br><span> &nbsp;end of the packet when the buffer is actually truncated when</span><br><span> &nbsp;copied. 
&nbsp;This causes SIP header parsing to modify data past</span><br><span> &nbsp;the end of the buffer altering unrelated memory structures.</span><br><span> &nbsp;This vulnerability does not affect TCP/TLS connections.</span><br><span> &nbsp;-- Resolved in 1.6.2.18.1 and 1.8.4.3</span><br><span></span><br><span>* AST-2011-009: A remote user sending a SIP packet containing a Contact header</span><br><span> &nbsp;with a missing left angle bracket (&lt;) causes Asterisk to</span><br><span> &nbsp;access a null pointer.</span><br><span> &nbsp;-- Resolved in 1.8.4.3</span><br><span></span><br><span>* AST-2011-010: A memory address was inadvertently transmitted over the</span><br><span> &nbsp;network via IAX2 via an option control frame and the remote party would try</span><br><span> &nbsp;to access it.</span><br><span> &nbsp;-- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3</span><br><span></span><br><span></span><br><span>The issues and resolutions are described in the AST-2011-008, AST-2011-009, and</span><br><span>AST-2011-010 security advisories.</span><br><span></span><br><span>For more information about the details of these vulnerabilities, please read</span><br><span>the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were</span><br><span>released at the same time as this announcement.</span><br><span></span><br><span>For a full list of changes in the current releases, please see the ChangeLog:</span><br><span></span><br><span><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1</a></span><br><span><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1</a></span><br><span><a 
href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3</a></span><br><span></span><br><span>Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available</span><br><span>at:</span><br><span></span><br><span><a href="http://downloads.asterisk.org/pub/security/AST-2011-008.pdf">http://downloads.asterisk.org/pub/security/AST-2011-008.pdf</a></span><br><span><a href="http://downloads.asterisk.org/pub/security/AST-2011-009.pdf">http://downloads.asterisk.org/pub/security/AST-2011-009.pdf</a></span><br><span><a href="http://downloads.asterisk.org/pub/security/AST-2011-010.pdf">http://downloads.asterisk.org/pub/security/AST-2011-010.pdf</a></span><br><span></span><br><span>Thank you for your continued support of Asterisk!</span><br></div></blockquote></body></html>