<html><head></head><body>The Asterisk Development Team would like to announce security releases for<br>Asterisk 15 and 16. The available releases are released as versions 15.6.2 and<br>16.0.1.<br><br>These releases are available for immediate download at<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases'>https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br><br>The following security vulnerabilities were resolved in these versions:<br><br><br> There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of<br> Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS<br> SRV or NAPTR response. The attacker’s request causes Asterisk to segfault<br> and crash.<br><br>For a full list of changes in the current releases, please see the ChangeLogs:<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.6.2'>ChangeLog-15.6.2</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.0.1'>ChangeLog-16.0.1</a><br><br>The security advisory is available at:<br><br><a href='https://downloads.asterisk.org/pub/security/AST-2018-010.pdf'>AST-2018-010.pdf</a><br><br>Thank you for your continued support of Asterisk!</body></html>