<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1266228932;
mso-list-template-ids:-550440438;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Pjproject was rather quick this time around.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Your patches 0070 & 0071 (in third-party/pjproject/patches) have already been incorporated and released in 2.7.2.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">So I guess you can update the reference to 2.7.2 and remove the patches in the branches.<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">With best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><br>
</span><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Florian Floimair<br>
</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Innovation - Software-Development</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">
<br>
<br>
<b>COMMEND INTERNATIONAL GMBH<br>
</b>A-5020 Salzburg, Saalachstraße 51<br>
Tel: +43-662-85 62 25<br>
Fax: +43-662-85 62 26<br>
</span><u><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue"><a href="http://www.commend.com">http://www.commend.com</a></span></u><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><br>
<br>
<b>Security and Communication by Commend<br>
<br>
</b></span><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial",sans-serif;color:gray">FN 178618z | LG Salzburg</span><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>Von:</b> asterisk-dev-bounces@lists.digium.com [mailto:asterisk-dev-bounces@lists.digium.com]
<b>Im Auftrag von </b>Asterisk Development Team<br>
<b>Gesendet:</b> Mittwoch, 21. Februar 2018 22:57<br>
<b>An:</b> Asterisk Developers Mailing List <asterisk-dev@lists.digium.com><br>
<b>Betreff:</b> [asterisk-dev] Asterisk 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3 Now Available (Security)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">The Asterisk Development Team would like to announce security releases for<br>
Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are<br>
released as versions 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3.<br>
<br>
These releases are available for immediate download at<br>
<br>
<a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases">https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br>
<a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases">https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases</a><br>
<br>
The following security vulnerabilities were resolved in these versions:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-001: Crash when receiving unnegotiated dynamic payload<br>
The RTP support in Asterisk maintains its own registry of dynamic codecs and<br>
desired payload numbers. While an SDP negotiation may result in a codec using<br>
a different payload number these desired ones are still stored internally.<br>
When an RTP packet was received this registry would be consulted if the<br>
payload number was not found in the negotiated SDP. This registry was<br>
incorrectly consulted for all packets, even those which are dynamic. If the<br>
payload number resulted in a codec of a different type than the RTP stream<br>
(for example the payload number resulted in a video codec but the stream<br>
carried audio) a crash could occur if no stream of that type had been<br>
negotiated. This was due to the code incorrectly assuming that a stream of the<br>
type would always exist.<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-002: Crash when given an invalid SDP media format description<br>
By crafting an SDP message with an invalid media format description Asterisk<br>
crashes when using the pjsip channel driver because pjproject's sdp parsing<br>
algorithm fails to catch the invalid media format description.<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-003: Crash with an invalid SDP fmtp attribute<br>
By craft i ng an SDP message body with an invalid fmtp attribute Asterisk<br>
crashes when using the pjsip channel driver because pjproject's fmtp retrieval<br>
function fails to check if fmtp value is empty (set empty if previously parsed<br>
as invalid).<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-004: Crash when receiving SUBSCRIBE request<br>
When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the<br>
accepted formats present in the Accept headers of the request. This code did<br>
not limit the number of headers it processed despite having a fixed limit of<br>
32. If more than 32 Accept headers were present the code would write outside<br>
of its memory and cause a crash.<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly<br>
A crash occurs when a number of authenticated INVITE messages are sent over<br>
TCP or TLS and then the connection is suddenly closed. This issue leads to a<br>
segmentation fault.<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
AST-2018-006: WebSocket fram e s with 0 sized payload causes DoS<br>
When reading a websocket, the length was not being checked. If a payload of<br>
length 0 was read, it would result in a busy loop that waited for the<br>
underlying connection to close.<o:p></o:p></li></ul>
<p class="MsoNormal"><br>
For a full list of changes in the current releases, please see the ChangeLogs:<br>
<br>
<a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.19.2">ChangeLog-13.19.2</a><br>
<a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.6">ChangeLog-14.7.6</a><br>
<a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.2.2">ChangeLog-15.2.2</a><br>
<a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-13.18-cert3">ChangeLog-certified-13.18-cert3</a><br>
<br>
The security advisories are available at:<br>
<br>
<a href="https://downloads.asterisk.org/pub/security/AST-2018-001.pdf">AST-2018-001.pdf</a><br>
<a href="https://do%20w%20nloads.asterisk.org/pub/security/AST-2018-002.pdf">AST-2018-002.pdf</a><br>
<a href="https://downloads.asterisk.org/pub/security/AST-2018-003.pdf">AST-2018-003.pdf</a><br>
<a href="https://downloads.asterisk.org/pub/security/AST-2018-004.pdf">AST-2018-004.pdf</a><br>
<a href="https://downloads.asterisk.org/pub/security/AST-2018-005.pdf">AST-2018-005.pdf</a><br>
<a href="https://downloads.asterisk.org/pub/security/AST-2018-006.pdf">AST-2018-006.pdf</a><br>
<br>
Thank you for your continued support of Asterisk!<o:p></o:p></p>
</div>
</body>
</html>