Information seems a bit sparse, but SineApps reports: Asterisk 1.4.1 has been released as well as Asterisk 1.2.16 and Zaptel 1.2.15. These include bugfixes as well as a solution to the recently discovered security hole. This security hole is a major one and as such, machines should be updated as soon as possible. I will post further information about it in around a week, but you should all upgrade your servers before then. Update: TrixBox, packaged Asterisk and OpenPBX are affected too: Update: Vulnerability is a remote DOS (segfaults Asterisk): Update: Vulnerability is in the SIP stack. If you have port 5060 blocked and are not using SIP then you should be fine. In any other situation, you should upgrade:
*** This bug has been marked as a duplicate of bug 169616 ***