Security releases for Asterisk 1.8+

Security releases for Asterisk 1.8+

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security
releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerabilities:

* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families
* AST-2014-018: Permission Escalation through DB dialplan function
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and AMI ConfbridgeStartRecord Action
* AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack
* AST-2014-015: Remote crash vulnerability in PJSIP channel driver
* AST-2014-016: Remote crash vulnerability in PJSIP channel driver

VirtualPBX: The Complete Business Phone Solution

Leave a Reply