How to upgrade asterisk without inner conflict

By using a security software–Nessus, the reports are as fellow:

[quote]Synopsis :

The remote VoIP service is susceptible to a remote denial of service

Description :

The version of Asterisk installed on the remote host consumes an IAX2
call number while waiting for an ACK packet in response to a PONG
packet. By flooding the affected service with POKE requests, an
unauthenticated remote attacker can leverage this issue to exhaust all
available call numbers and prevent legitimate IAX2 calls from getting

See also : … 8-010.html … 0/threaded[/quote]

Recommend solution:

[quote]Upgrade to Asterisk Open Source / 1.2.30, Asterisk Business
Edition C.2.0.3 / C.1.10.3 / B.2.5.4, s800i (Asterisk Appliance) or later. [/quote]

But i didn’t find any articles talking about the upgrade actions.
Have anybody upgraded asterisk successfully?
sincerely regards!!

If you are using a fairly recent 1.4.x version, download the lastest 1.4.x.y version, stop Asterisk, then do a standard source code install, with the exception of the make configs step. Take note of any warnings about left over modules.

If you are using a rather different version, you should read UPGRADE.txt, first.