[asterisk-dev] Asterisk 13.28.1, 15.7.4 and 16.5.1 Now Available (Security)

Asterisk Development Team asteriskteam at digium.com
Thu Sep 5 09:49:34 CDT 2019


The Asterisk Development Team would like to announce security releases for
Asterisk 13, 15 and 16. The available releases are released as versions 13.28.1,
15.7.4 and 16.5.1.

These releases are available for immediate download at

https://downloads.asterisk.org/pub/telephony/asterisk/releases

The following security vulnerabilities were resolved in these versions:

* AST-2019-004: Crash when negotiating for T.38 with a declined stream
  When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
  responds with a declined media stream a crash will then occur in Asterisk.

* AST-2019-005: Remote Crash Vulnerability in audio transcoding
  When audio frames are given to the audio transcoding support in Asterisk the
  number of samples are examined and as part of this a message is output to
  indicate that no samples are present. A change was done to suppress this
  message for a particular scenario in which the message was not relevant. This
  change assumed that information about the origin of a frame will always exist
  when in reality it may not.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.28.1
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.7.4
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.5.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf

Thank you for your continued support of Asterisk!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20190905/b499f9de/attachment.html>


More information about the asterisk-dev mailing list