Asterisk
Released new versions (via yoyo.pl) of all supported branches of Asterisk - 1.2.35, 1.4.26.2, 1.6.0.15, 1.6.1.6. Update unscheduled, associated with the vulnerability in the implementation of the protocol IAX2 (module chan_iax2), giving a remote attacker to cause a crash or Asterisk at the best of circumstances to initiate a session without passing the authentication. According to the report for the correction of vulnerability, the problem has been known since June 22 last year and the network can find a working exploit. Such a long time to fix due to the deadlock has arisen regarding the need to change the protocol and violations of backward compatibility for the vulnerability. Luckily found a workaround solution.
You can also note the emergence of a new project Starfish PBX (via bild.de ), aimed at creating an open alternative to commercial product Switchvox, growing company Digium. Currently Starfish PBX at the stage of preliminary testing, the product is not tied in some specific hardware devices, and aims to support a wide range of equipment and VoIP protocols (IAX, MGCP), focusing not only on the SIP. Available for download binary packages for Ubuntu 9.04 and a full set of source code, licensed under the Telesoft Public Licence 1.0, providing a similar degree of freedom of GPL, but imposing some restrictions on the supply of software in the hardware devices.