[asterisk-dev] Asterisk 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5 Now Available (Security)

משרד GIS מערכות תקשורת office at phonecall.co
Thu Nov 5 16:29:03 CST 2020


On Fri, Nov 6, 2020 at 12:27 AM Asterisk Development Team <asteriskteam at digium.com> wrote:

> The Asterisk Development Team would like to announce security releases for
> Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
> are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5.
>
> These releases are available for immediate download at
>
> https://downloads.asterisk.org/pub/telephony/asterisk/releases
> https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases
>
> The following security vulnerabilities were resolved in these versions:
>
>    - AST-2020-001: Remote crash in res_pjsip_session
>    Upon receiving a new SIP Invite, Asterisk did not return the created dialog
>    locked or referenced.
>
>    - AST-2020-002: Outbound INVITE loop on challenge with different nonce.
>    If Asterisk is challenged on an outbound INVITE and the nonce is changed in
>    each response, Asterisk will continually send INVITEs in a loop. This causes
>    Asterisk to consume more and more memory since the transaction will never
>    terminate (even if the call is hung up), ultimately leading to a restart or
>    shutdown of Asterisk. Outbound authentication must be configured on the
>    endpoint for this to occur.
>
> For a full list of changes in the current releases, please see the
> ChangeLogs:
>
> ChangeLog-13.37.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1>
> ChangeLog-16.14.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.14.1>
> ChangeLog-17.8.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.8.1>
> ChangeLog-18.0.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.0.1>
> ChangeLog-certified-16.8-cert5
> <https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert5>
>
> The security advisories are available at:
>
> AST-2020-001.pdf
> <https://downloads.asterisk.org/pub/security/AST-2020-001.pdf>
> AST-2020-002.pdf
> <https://downloads.asterisk.org/pub/security/AST-2020-002.pdf>
>
> Thank you for your continued support of Asterisk!

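A detection sketch for the AST-2020-002 condition quoted above, added here as an example and not taken from the announcement or from the Asterisk project: it scans captured SIP responses and flags any Call-ID whose outbound INVITE was challenged with more than a threshold of distinct nonces. The function names, the constructed sample messages and the threshold of 2 are assumptions.

```python
import re
from collections import defaultdict

def challenge(call_id, cseq, nonce, code=401):
    """Build one constructed SIP challenge response (sample data only)."""
    hdr = "WWW-Authenticate" if code == 401 else "Proxy-Authenticate"
    reason = "Unauthorized" if code == 401 else "Proxy Authentication Required"
    return (f"SIP/2.0 {code} {reason}\r\nCall-ID: {call_id}\r\n"
            f"CSeq: {cseq} INVITE\r\n"
            f'{hdr}: Digest realm="example.invalid", nonce="{nonce}"\r\n'
            "Content-Length: 0\r\n\r\n")

# Constructed capture: one ordinary challenge, and one dialog that is
# re-challenged six times with a fresh nonce each time.
SAMPLE = [challenge("normal@pbx.example", 101, "n0")] + [
    challenge("loop@pbx.example", 200 + i, f"n{i}", 407) for i in range(6)]

# \b keeps this from matching the cnonce= or nextnonce= parameters.
NONCE = re.compile(r'\bnonce="([^"]*)"')

def parse_challenge(msg):
    """Return (call_id, nonce) for a 401/407 reply to an INVITE, else None."""
    head = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    status = re.match(r"SIP/2\.0 (\d{3}) ", head[0])
    if not status or status.group(1) not in ("401", "407"):
        return None
    hdrs = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            hdrs[name.strip().lower()] = value.strip()
    call_id = hdrs.get("call-id") or hdrs.get("i")  # "i" is the compact form
    auth = hdrs.get("www-authenticate") or hdrs.get("proxy-authenticate") or ""
    nonce = NONCE.search(auth)
    if not call_id or not nonce or not hdrs.get("cseq", "").endswith("INVITE"):
        return None
    return call_id, nonce.group(1)

def find_challenge_loops(messages, max_nonces=2):
    """Map Call-ID -> distinct nonce count where the count exceeds max_nonces."""
    seen = defaultdict(set)
    for msg in messages:
        parsed = parse_challenge(msg)
        if parsed:
            seen[parsed[0]].add(parsed[1])  # assumed threshold applied below
    return {cid: len(n) for cid, n in seen.items() if len(n) > max_nonces}

if __name__ == "__main__":
    print(find_challenge_loops(SAMPLE))
```
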
