Multiple security flaws in Asterisk – upgrade available

Today Internet Security Systems (ISS) issued a press release announcing that they had found two vulnerabilities in the IAX2 protocol used by Asterisk. The actual security advisories can be found here and here.

A new version 1.2.10 of Asterisk was released on Saturday, July 14, to address these vulnerabilities. Users of Asterisk are, of course, strongly encouraged to upgrade.