<div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Nov 6, 2020 at 12:27 AM Asterisk Development Team <<a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>The Asterisk Development Team would like to announce security releases for<br>Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases<br>are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5.<br><br>These releases are available for immediate download at<br><br><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases" target="_blank">https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br><a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases" target="_blank">https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases</a><br><br>The following security vulnerabilities were resolved in these versions:<br><br><ul><li> AST-2020-001: Remote crash in res_pjsip_session<br>Upon receiving a new SIP Invite, Asterisk did not return the created dialog<br>locked or referenced.<br></li><br><li> AST-2020-002: Outbound INVITE loop on challenge with different nonce.<br>If Asterisk is challenged on an outbound INVITE and the nonce is changed in<br>each response, Asterisk will continually send INVITEs in a loop. This causes<br>Asterisk to consume more and more memory since the transaction will never<br>terminate (even if the call is hung up), ultimately leading to a restart or<br>shutdown of Asterisk. 
Outbound authentication must be configured on the<br>endpoint for this to occur.<br></li></ul><br>For a full list of changes in the current releases, please see the ChangeLogs:<br><br><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1" target="_blank">ChangeLog-13.37.1</a><br><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.14.1" target="_blank">ChangeLog-16.14.1</a><br><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.8.1" target="_blank">ChangeLog-17.8.1</a><br><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.0.1" target="_blank">ChangeLog-18.0.1</a><br><a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert5" target="_blank">ChangeLog-certified-16.8-cert5</a><br><br>The security advisories are available at:<br><br><a href="https://downloads.asterisk.org/pub/security/AST-2020-001.pdf" target="_blank">AST-2020-001.pdf</a><br><a href="https://downloads.asterisk.org/pub/security/AST-2020-002.pdf" target="_blank">AST-2020-002.pdf</a><br><br>Thank you for your continued support of Asterisk!</div>-- <br>
</blockquote></div>