Two Asterisk Security Advisories, Including One Critical Remote Vulnerability

The Digium security team issued two security advisories this week for Asterisk:

The second one, AST-2011-004, is the far more concerning because it indicates that a remote attacker could connect to an Asterisk system and cause it to crash.

The solution, in both cases, is to upgrade to the latest Asterisk releases.

UPDATE: 3/18/11 – Olle Johansson pointed out on Twitter:

Either upgrade or do not use SIP/TCP. Installations only using SIP/udp is not affected and do not need to upgrade.

Thanks for the clarification, Olle.