Asterisk Addresses Dialplan Vulnerability
Asterisk, the open source telephony project, has announced security releases for versions that might be vulnerable to the dialplan string injection vulnerability reported in February.
The security releases apply to versions 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16 and 1.6.2.4 and are available for immediate download. Earlier, the Asterisk developer community was alerted about the potential harm, details of which were described in the AST-2010-002 security advisory.
"This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers," a statement on the Asterisk community Web site reads.



