<html><head></head><body>The Asterisk Development Team would like to announce security releases for<br>Asterisk 13, 16, 17 and 18. The available releases are released as versions<br>13.38.1, 16.15.1, 17.9.1 and 18.1.1.<br><br>These releases are available for immediate download at<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases'>https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br><br>The following security vulnerabilities were resolved in these versions:<br><br><ul><li> AST-2020-003: Remote crash in res_pjsip_diversion<br>A crash can occur in Asterisk when a SIP message is received that has a<br>History-Info header, which contains a tel-uri.<br></li><br><li> AST-2020-004: Remote crash in res_pjsip_diversion<br>A crash can occur in Asterisk when a SIP 181 response is received that has a<br>Diversion header, which contains a tel-uri.<br></li></ul><br>For a full list of changes in the current releases, please see the ChangeLogs:<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.1'>ChangeLog-13.38.1</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.15.1'>ChangeLog-16.15.1</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.9.1'>ChangeLog-17.9.1</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.1.1'>ChangeLog-18.1.1</a><br><br>The security advisories are available at:<br><br><a href='https://downloads.asterisk.org/pub/security/AST-2020-003.pdf'>AST-2020-003.pdf</a><br><a href='https://downloads.asterisk.org/pub/security/AST-2020-004.pdf'>AST-2020-004.pdf</a><br><br>Thank you for your continued support of Asterisk!</body></html>