[asterisk-dev] Asterisk 13.18.4, 14.7.4, 15.1.4 and Certified Asterisk 13.13-cert9 Now Available

Asterisk Development Team asteriskteam at digium.com
Wed Dec 13 11:24:55 CST 2017


The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15.  The available
security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security
vulnerabilities:

* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  If a compound RTCP packet is received containing more than 
  one report (for example a Receiver Report and a Sender     
  Report) the RTCP stack will incorrectly store report       
  information outside of allocated memory potentially causing
  a crash.                                                   

For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.4
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.4
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.1.4
http://downloads.asterisk.org/pub/telephony/certified-asterisk/ChangeLog-certified-13.13-cert9

The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-012.html
http://downloads.asterisk.org/pub/security/AST-2017-012.pdf

Thank you for your continued support of Asterisk!


More information about the asterisk-dev mailing list