<html><head></head><body>The Asterisk Development Team would like to announce security releases for<br>
Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases<br>
are released as versions 13.38.3, 16.19.1, 17.9.4, 18.5.1 and 16.8-cert10.<br>
<br>
These releases are available for immediate download at<br>
<br>
<a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases'>https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br>
<a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases'>https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases</a><br>
<br>
The following security vulnerabilities were resolved in these versions:<br>
<br>
<ul>
<li> AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver<br>
When Asterisk receives a re-INVITE without SDP after having sent a BYE request<br>
a crash will occur. This occurs due to the Asterisk channel no longer being<br>
present while code assumes it is.<br>
</li>
<br>
<li> AST-2021-008: Remote crash when using IAX2 channel driver<br>
If the IAX2 channel driver receives a packet that contains an<br>
</li>
<br>
<li> AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during<br>
handshake<br>
Depending on the timing, it’s possible for Asterisk to crash when using a<br>
TLS connection if the underlying socket parent/listener gets destroyed during<br>
the handshake.<br>
</li>
</ul>
<br>
For a full list of changes in the current releases, please see the ChangeLogs:<br>
<br>
<a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.3'>ChangeLog-13.38.3</a><br>
<a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.19.1'>ChangeLog-16.19.1</a><br>
<a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.9.4'>ChangeLog-17.9.4</a><br>
<a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.5.1'>ChangeLog-18.5.1</a><br>
<a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert10'>ChangeLog-certified-16.8-cert10</a><br>
<br>
The security advisories are available at:<br>
<br>
<a href='https://downloads.asterisk.org/pub/security/AST-2021-007.pdf'>AST-2021-007.pdf</a><br>
<a href='https://downloads.asterisk.org/pub/security/AST-2021-008.pdf'>AST-2021-008.pdf</a><br>
<a href='https://downloads.asterisk.org/pub/security/AST-2021-009.pdf'>AST-2021-009.pdf</a><br>
<br>
Thank you for your continued support of Asterisk!</body></html>