This release contains a large number of bug fixes over the previous release. This release addresses problems involving channel locks.
Announcement from the Asterisk people: the Asterisk.org development team has released Asterisk version 1.4.19.2. Summary:
This release includes some IAX2 channel driver updates. Asterisk 1.4.19.1 was released to address an IAX2 security vulnerability. Unfortunately, the changes to address the security issue had an unfortunate negative impact on IAX2 performance in Asterisk. These issues have been addressed and the related fixes are included in this release. The performance of IAX2 in Asterisk due to these changes should be far better than it was even before the changes were made for the security issue.
Work on the next release of Asterisk, version 1.4.20, continues apace: The Asterisk development team has released Asterisk version 1.4.20-rc2.
From the Asterisk web site:
This release is a release candidate for the upcoming official release of 1.4.20. It includes a fix for a SIP channel driver regression introduced in 1.4.20-rc1, among a number of other changes.
The release candidate is available on the download site.
From the Asterisk web site: Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 released.
All of these releases contain a security patch for the vulnerability described in the AST-2008-006 security advisory. 1.6.0-beta8 is also a regular update to the 1.6.0 series with a number of bug fixes over the previous beta release.
Early last year, we made some modifications to the IAX2 channel driver to combat potential usage of IAX2 in traffic amplification attacks. Unfortunately, our fix was not complete and we were not notified of this until the original reporter of the issue decided to release information on how to exploit it to the public.
