<div dir="ltr"><br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Asterisk Development Team</b> <span dir="ltr"><<a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a>></span><br>
Date: 2013/1/2<br>Subject: [asterisk-dev] Asterisk 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones, 11.1.1 Now Available (Security Release)<br>To: <a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a><br>
<br><br>The Asterisk Development Team has announced security releases for Certified<br>
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases<br>
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,<br>
and 11.1.1.<br>
<br>
These releases are available for immediate download at<br>
<a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br>
<br>
The release of these versions resolve the following two issues:<br>
<br>
* Stack overflows that occur in some portions of Asterisk that manage a TCP<br>
connection. In SIP, this is exploitable via a remote unauthenticated session;<br>
in XMPP and HTTP connections, this is exploitable via remote authenticated<br>
sessions.<br>
<br>
* A denial of service vulnerability through exploitation of the device state<br>
cache. Anonymous calls had the capability to create devices in Asterisk that<br>
would never be disposed of.<br>
<br>
These issues and their resolutions are described in the security advisories.<br>
<br>
For more information about the details of these vulnerabilities, please read<br>
security advisories AST-2012-014 and AST-2012-015, which were released at the<br>
same time as this announcement.<br>
<br>
For a full list of changes in the current releases, please see the ChangeLogs:<br>
<br>
<a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert10" target="_blank">http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert10</a><br>
<a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.19.1" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.19.1</a><br>
<a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.11.1" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.11.1</a><br>
<a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.11.1-digiumphones" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.11.1-digiumphones</a><br>
<a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1</a><br>
<br>
The security advisories are available at:<br>
<br>
* <a href="http://downloads.asterisk.org/pub/security/AST-2012-014.pdf" target="_blank">http://downloads.asterisk.org/pub/security/AST-2012-014.pdf</a><br>
* <a href="http://downloads.asterisk.org/pub/security/AST-2012-015.pdf" target="_blank">http://downloads.asterisk.org/pub/security/AST-2012-015.pdf</a><br>
<br>
Thank you for your continued support of Asterisk!<br>
<br>
<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</div><br><br clear="all"><br>-- <br><span style="font-family:trebuchet ms,sans-serif">Sylvio Jollenbeck<br><font size="1"><a href="http://www.hosannatecnologia.com.br/" target="_blank">www.hosannatecnologia.com.br</a></font></span><br>
<img src="http://www.hosannatecnologia.com.br/pixel.fw.png"><br>
</div>