<html><head></head><body>The Asterisk Development Team would like to announce security releases for<br>Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The releases are<br>available as versions 13.38.2, 16.16.1, 17.9.2, 18.2.1 and 16.8-cert6.<br><br>These releases are available for immediate download at<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases'>https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br><a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases'>https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases</a><br><br>The following security vulnerabilities were resolved in these versions:<br><br><ul><li> AST-2021-001: Remote crash in res_pjsip_diversion<br>If a registered user is tricked into dialing a<br></li><li> AST-2021-002: Remote crash possible when negotiating T.38<br>When<br></li><li> AST-2021-003: Remote attacker could prematurely tear down SRTP calls<br>An unauthenticated remote attacker could replay SRTP packets, which could cause<br>an Asterisk instance configured without strict RTP validation to tear down<br>calls prematurely.<br></li><li> AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests<br>Due to a signedness comparison mismatch, an authenticated WebRTC client could<br>cause a stack overflow and Asterisk crash by sending multiple hold/unhold<br>requests in quick succession.<br></li><li> AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver<br>Given a scenario where an outgoing call is placed from Asterisk to a remote<br>SIP server, it is possible for a crash to occur.<br></li></ul><br>For a full list of changes in the current releases, please see the ChangeLogs:<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.2'>ChangeLog-13.38.2</a><br><a 
href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.16.1'>ChangeLog-16.16.1</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.9.2'>ChangeLog-17.9.2</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.2.1'>ChangeLog-18.2.1</a><br><a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert6'>ChangeLog-certified-16.8-cert6</a><br><br>The security advisories are available at:<br><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-001.pdf'>AST-2021-001.pdf</a><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-002.pdf'>AST-2021-002.pdf</a><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-003.pdf'>AST-2021-003.pdf</a><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-004.pdf'>AST-2021-004.pdf</a><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-005.pdf'>AST-2021-005.pdf</a><br><br>Thank you for your continued support of Asterisk!</body></html>