Quoting upstream advisory AST-2009-007: http://downloads.asterisk.org/pub/security/AST-2009-007.html A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected. Affects all 1.6.1 versions, fixed in 1.6.1.8
asterisk-1.6.1.8-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/asterisk-1.6.1.8-1.fc11
For F-12: https://fedorahosted.org/rel-eng/ticket/2778
asterisk-1.6.1.8-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.