The release of Asterisk 10.5.1 resolves the following issue:
* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client sends an Off Hook message, followed by
a Key Pad Button Message, a structure that was previously set to NULL is
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.
This issue and its resolution is described in the security advisory.
For more information about the details of this vulnerability, please read
security advisory AST-2012-009, which was released at the same time as this
For a full list of changes in the current releases, please see the ChangeLog: