- Update to 1.6.1.17
-
- * AST-2010-003: Invalid parsing of ACL rules can compromise security
- * AST-2010-002: This security release is intended to raise awareness
- of how it is possible to insert malicious strings into dialplans,
- and to advise developers to read the best practices documents so
- that they may easily avoid these dangers.
- * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can
- remotely crash Asterisk by modifying the FaxMaxDatagram field of
- the SDP to contain either a negative or exceptionally large value.
- The same crash occurs when the FaxMaxDatagram field is omitted from
- the SDP as well.