Home
About Us
Asterisk News
Business Partners
SmoothTorque Dialer
PABX
Telephone Exchanges
Asterisk 1.2.36, 1.4.26.3, 1.6.0.17 and 1.6.1.9 Now Available

Huge thanks to Joshua Colp for mirroring services

Asterisk 1.2.36, 1.4.26.3, 1.6.0.17 and 1.6.1.9 Now Available

Click to view a printable version Thu, 05 Nov 2009 20:12:13 -0400

thumnail

The Asterisk Development Team has announced security releases for Asterisk as the following versions:

  • 1.2.36

  • 1.4.26.3

  • 1.6.0.17

  • 1.6.1.9

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of 1.2.36 resolves an issue where sending a REGISTER with a differing username in the From URI and Authorization header would reveal whether it was valid or not. For more information about the details of this vulnerability, please read the security advisory AST-2009-008, which was released at the same time as this announcement.

The releases of Asterisk 1.4.26.3, 1.6.0.17, and 1.6.1.9 include the fix described in security advisory AST-2009-008, and also contain a fix where it may be possible for someone to execute a cross-site AJAX request exploit. For more information about the details of this vulnerability, please read the security advisory AST-2009-009, which was released at the same time as this announcement.

In addition, Asterisk users may notice that we skipped the version number 1.6.0.16. This was intentional, in an effort to avoid confusion about what a particular release contains. Asterisk 1.6.0.16 had candidates for release made, so backtracking on those changes in a release with the same version number might be confusing. The next release candidate, which would have been 1.6.0.16-rc3, will be released with additional changes as 1.6.0.18-rc1.

Also of note, that the previous release announcement for 1.6.1.8 stated that the next set of 1.6.1 release candidates would be 1.6.1.9-rc1. As release candidates for 1.6.1.9 were not yet released, 1.6.1.9 is only a security release, and the next release candidate in the 1.6.1 series is expected to be 1.6.1.10-rc1.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.2.36
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.26.3
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.17
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.9

Security advisory AST-2009-008 is available at:

http://downloads.asterisk.org/pub/security/AST-2009-008.pdf

Security advisory AST-2009-009 is available at:

http://downloads.asterisk.org/pub/security/AST-2009-009.pdf

Thank you for your continued support of Asterisk!

 

Name: Subject: Message:

Similar Articles (Based on Title)

DUNDi is available for use with v1-0 - October 23, 2004
BKW has released a .tar.gz file so that you can use DUNDi with Asterisk 1.0

Asterisk-Users: Asterisk 1.0.2 rpms now available for FC1 - October 27, 2004
Andrew McRory has posted details of the rpms for Asterisk 1.0.2

Asterisk-Users: RPMS for Fedora Core 2 now available - November 9, 2004
Andrew McRory has posted information on the RPMs of Asterisk for Fedora Core 2.

asterisk-oh323: New versions available - December 22, 2004
Michael Manousos has announced new versions of chan_oh323 from inaccessnetworks.

New 4-Port BRI card Sirrix.PCI4S0 with Asterisk support available - January 9, 2005
Oskar Senft has posted details of the 4-Port BRI card Sirrix.PCI4S0 with Asterisk support to the Asterisk-biz mailing list.

*-Dev: New jitterbuffer and Packet Loss Concealment preview/prototype patch available in tracker. - January 21, 2005
Steve Kann has posted details of the latest patch added to the bugtracker.

Linux Bridge + QoS Shaper HOWTO available - January 28, 2005
Ron Senykoff has posted details of a HOWTO he has written.

DIAX version 0.9.10a available for download - February 9, 2005
Dan has posted details of the latest version of his IAX softphone - DIAX - to the Asterisk-Users mailing list.

DIAX 0.9.10f available for download - March 12, 2005
Dan has posted details of the release of the latest version of the DIAX softphone.

UNISTIM channel driver available - March 12, 2005
Andres has posted details of a release from Cedric Hans of a UNISTIM channel driver for Asterisk.

Iaxclient-devel: Kiax 0.8.3 available - March 18, 2005
Emil Stoyanov has posted details of the latest release of Kiax.

AstLinux 0.2.5.5 now available for testing (includes ISDN/BRI) - April 15, 2005
Kristian Kielhofner has posted details of the pre-release of what will become 0.2.6 of AstLinux.

Top 15 Daily Asterisk News Articles

No interrupts from TDM400 Card - August 12, 2009 Average Vote: 10
snom soft phone - February 8, 2005 Average Vote: 10
Asterisk scalability - February 18, 2009 Average Vote: 10
Testing of SIP TCP/TLS support - July 11, 2007 Average Vote: 10
Interview With Flash Operator Panel Developer - September 19, 2004 Average Vote: 10
Voip-info.org: Free downloadable guide on how to switch to VoIP - February 6, 2005 Average Vote: 10
Distributed Asterisk events and device state - March 17, 2008 Average Vote: 10
espeak app for Asterisk 1.6 - September 2, 2009 Average Vote: 9.9
Asterisk PHP Peer Status - September 2, 2009 Average Vote: 9.7
Interview with Mark Spencer - November 26, 2004 Average Vote: 9.7
Amazing Asterisk Sign - August 18, 2009 Average Vote: 9.5
Iaxclient-devel: JIAXClient - Java IAXClient 0.0.1 released - February 9, 2005 Average Vote: 9.5
Digium Community Achievement Award - October 16, 2009 Average Vote: 9.5
Interview with John Todd - August 22, 2009 Average Vote: 9.4
Add Multi User Chat client capabilities to Asterisk - September 16, 2009 Average Vote: 9

Last 10 Daily Asterisk News Articles

New Open Source CTI client for Asterisk - November 19, 2009
Oliver Nittka has posted information on the release of a new CTI client for Asterisk.

AstriCon 2009 Presentation - Building a Distributed Call Center - November 19, 2009
Leif Madsen has posted his presentation on building a distributed call centre.

Changing internal_timing to default to yes - November 19, 2009
Leif Madsen has posted a question about whether the internal_timing option should default to yes.

Oman - 212 arrested for providing VoIP - November 19, 2009
MENAFN has an article by Rahima Al Balushi on the arrest of 212 people in Oman for providing VoIP services.

Review ExternalIVR cleanup - November 16, 2009
David Ruggles has posted details of the review request for External IVR.

Asterisk Release Candidates 1.4.27-rc5, 1.6.0.18-rc3, 1.6.1.10-rc3, and 1.6.2.0-rc5 Now Available - November 16, 2009
The Asterisk Development Team has announced the next set of Asterisk release candidates for versions 1.4.27, 1.6.0.18, 1.6.1.10, and 1.6.2.0.

Request for Review: Building Queues with Asterisk - November 13, 2009
Leif Madsen has written some examples and documentation on setting up Queues in Asterisk.

New Open Source Codec with HD Quality - November 12, 2009
The VoIPToday blog has an article about a new free codec with some pretty impressive statistics. near G711 quality with 16kbps.

AstriCon Videos and Presentations: First batch is online - November 12, 2009
John Todd has posted links to the first videos and presentations from Astricon.

Asterisk Project Update at AstriCon 2009 - November 11, 2009
Russell Bryant has posted details from his presentation on Asterisk at Astricon.

Loading
Original Content (C) 2004-2009 Matt Riddell
Back 5  Add to Google Subscribe with Bloglines
Go to today

Icons by: FastIcon.com