On June 23, the Asterisk Development Team announced the release of Asterisk versions 220.127.116.11, 18.104.22.168.1 and 22.214.171.124
From the original post:
The release of Asterisk 126.96.36.199, 188.8.131.52, and 184.108.40.206 resolves several issues
as outlined below:
AST-2011-008: If a remote user sends a SIP packet containing a null,
Asterisk assumes available data extends past the null to the
end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past
the end of the buffer altering unrelated memory structures.
This vulnerability does not affect TCP/TLS connections.
-- Resolved in 220.127.116.11.1 and 18.104.22.168
AST-2011-009: A remote user sending a SIP packet containing a Contact header
with a missing left angle bracket (<) causes Asterisk to access
a null pointer.
-- Resolved in 22.214.171.124
AST-2011-010: A memory address was inadvertently transmitted over the network
via IAX2 via an option control frame and the remote party would
try to access it.
-- Resolved in 126.96.36.199, 188.8.131.52.1, and 184.108.40.206

The issues and resolutions are described in the AST-2011-008, AST-2011-009, and
AST-2011-010 security advisories.

For more information about the details of these vulnerabilities, please read
the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
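The length mismatch described under AST-2011-008, as an added example that is not part of the announcement and not Asterisk's code: a string copy stops at the first NUL while the recorded length still counts the whole datagram. The struct, function names, buffer size and sample datagrams are hypothetical, and the checked variant is one possible mitigation, not the project's actual fix.

```c
#include <stddef.h>
#include <string.h>

#define PKT_MAX 512

/* Hypothetical request holder; not Asterisk's own structure. */
struct pkt {
    char   data[PKT_MAX];
    size_t stored;  /* bytes actually copied (terminator excluded) */
    size_t len;     /* length the header parser will trust */
};

/* Constructed sample datagrams: one with an embedded NUL, one clean. */
static const char SAMPLE_NUL[] = "OPTIONS sip:a@example.invalid SIP/2.0\r\nVia: x\0" "Contact: y\r\n\r\n";
static const char SAMPLE_OK[]  = "OPTIONS sip:a@example.invalid SIP/2.0\r\nVia: x\r\n\r\n";

/* Flawed pattern: the copy is truncated at the first NUL,
 * but the recorded length is still the datagram length. */
static void pkt_store_flawed(struct pkt *p, const char *wire, size_t wire_len)
{
    if (wire_len >= PKT_MAX)
        wire_len = PKT_MAX - 1;
    const char *nul = memchr(wire, '\0', wire_len);
    p->stored = nul ? (size_t)(nul - wire) : wire_len;
    memcpy(p->data, wire, p->stored);
    p->data[p->stored] = '\0';
    p->len = wire_len;            /* mismatch when wire holds a NUL */
}

/* Checked pattern: reject a datagram with an embedded NUL and derive the
 * trusted length from what was copied. Returns 0 on success, -1 on reject. */
static int pkt_store_checked(struct pkt *p, const char *wire, size_t wire_len)
{
    if (wire_len >= PKT_MAX || memchr(wire, '\0', wire_len) != NULL)
        return -1;
    memcpy(p->data, wire, wire_len);
    p->data[wire_len] = '\0';
    p->stored = p->len = wire_len;
    return 0;
}

/* Bytes a parser would treat as valid beyond the copied data. */
static size_t pkt_excess(const struct pkt *p)
{
    return p->len > p->stored ? p->len - p->stored : 0;
}
```

A non-zero `pkt_excess()` is the condition the advisory describes: the parser believes it owns bytes that were never copied.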