The Asterisk Development Team has announced security releases for Asterisk 1.8
and 10. The available security releases are released as versions 22.214.171.124 and
10.0.1. Please note that the security vulnerability in Asterisk 1.8 and 10
does not exist for Asterisk versions 1.4 or 1.6.2.
These releases are available for immediate download at
The release of Asterisk versions 126.96.36.199 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.
The issue and its resolution is described in the security advisory.
For more information about the details of these vulnerabilities, please read the
security advisory AST-2012-001, which were released at the same time as this
For a full list of changes in the current releases, please see the ChangeLogs:
Security advisory AST-2012-001 is available at:
Thank you for your continued support of Asterisk!