The Asterisk Development Team has announced a security release for Asterisk 1.8. The available security release is released as version 1.8.7.1.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can lead to a remotely exploitable crash:
Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
The issue and resolution is described in the AST-2011-012 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-012, which was released at the same time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.1
Security advisory AST-2011-012 is available at:
Please log in to add feedback.
This update has been submitted for testing by jcollie.
This update has been pushed to testing
This update has been submitted for stable by jcollie.
This update is currently being pushed to the Fedora EPEL 6 stable updates repository.
This update has been pushed to stable