<div dir="ltr"><span style="font-size:12.8px">The Asterisk Development Team has announced security releases for </span><span style="font-size:12.8px">Certified </span><span style="font-size:12.8px">Asterisk 13.13 and Asterisk 13 and 14. The available security releases </span><span style="font-size:12.8px">are released as versions 13.13-cert3, 13.14.1, and 14.3.1.</span><div><br style="font-size:12.8px"><span style="font-size:12.8px">These releases are available for immediate download at</span></div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases" rel="noreferrer" target="_blank" style="font-size:12.8px">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/<wbr>releases</a></div><div><br><span style="font-size:12.8px">The release of these versions resolves the following security </span><span style="font-size:12.8px">vulnerabilities:</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">* AST-2017-001: Buffer overflow in CDR's set user</span></div><div><span style="font-size:12.8px">  No size checking is done when setting the user field on a CDR. Thus,</span></div><div>  <span style="font-size:12.8px">it is possible for someone to use an arbitrarily large string and</span><span style="font-size:12.8px"> write past</span></div><div>  <span style="font-size:12.8px">the end of the user field storage buffer. This allows the possibility </span><span style="font-size:12.8px">of </span><span style="font-size:12.8px">remote</span></div><div><span style="font-size:12.8px">  </span><span style="font-size:12.8px">code injection.</span></div><div><br style="font-size:12.8px"><span style="font-size:12.8px">For a full list of changes in the current releases, please see the </span><span style="font-size:12.8px">ChangeLogs:</span></div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.13-cert3" rel="noreferrer" target="_blank" style="font-size:12.8px">http://downloads.asterisk.org/<wbr>pub/telephony/certified-<wbr>asterisk/releases/ChangeLog-<wbr>13.13-cert3</a><br style="font-size:12.8px"><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.14.1" rel="noreferrer" target="_blank" style="font-size:12.8px">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/<wbr>releases/ChangeLog-13.14.1</a><br style="font-size:12.8px"><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.3.1" rel="noreferrer" target="_blank" style="font-size:12.8px">http://downloads.asterisk.org/<wbr>pub/telephony/asterisk/<wbr>releases/ChangeLog-14.3.1</a><br style="font-size:12.8px"><br><span style="font-size:12.8px">The security advisories are available at:</span></div><div><br style="font-size:12.8px"><span style="font-size:12.8px"> * </span><a href="http://downloads.asterisk.org/pub/security/AST-2017-001.pdf" rel="noreferrer" target="_blank" style="font-size:12.8px">http://downloads.asterisk.org/<wbr>pub/security/AST-2017-001.pdf</a></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thank you for your continued support of Asterisk!</span></div></div>