The Asterisk Team announced the releases of Asterisk 220.127.116.11 yesterday and you can download it right away from Asterisk Download Servers.
This release resolves an issue where an ACL check is not present for verifying SIP INVITEs. More information on this vulnerability, please refer to the security advisory AST-2009-007(PDF), which was released imultaneously with this release announcement.
Only the Asterisk 1.6.1 series is the only branch affected by this vulnerability. Releases from previous branches (1.6.0, 1.4, 1.2) are not affected.
A full list of changes in this release, could be found on the ChangeLog.
Tuesday, October 27, 2009