On March 15 the Asterisk (News - Alert) development team announced a security release for Asterisk 1.4.

Asterisk is an open source framework on which communications applications are built. Asterisk enables any computer it’s installed on to act as a communications server with the ability to power IP PBX (News - Alert) sytems, VoIP gateways, conference servers and more. As a free and open source solution, it is used by small businesses, large businesses, call centers, carriers and governments around the world.

The updates, designated 1.4.44 and 1.6.2.23, resolve certain crash issues whereby a specific application, “app_milliwatt”, was regularly overrunning a buffer on the stack and causing outages.

While Asterisk claims this problem could not allow the removal of code execution, making the widely deployed communications network vulnerable to even novice hackers, the application caused serious annoyance for many users. The new releases are available for immediate download with accompanying change logs.

As with any open source, free coding solution, Asterisk carries with it the backing a huge and largely benevolent community of developers which boasts over 78,000 members focused on improving the world’s most widely adopted open source communications project. While some would question the security and stability of any solution that lets anyone under the hood to tinker, it is hard to argue with the results that Asterisk has experienced. It continues to be the model of open source success.