[asterisk-dev] CORRECTED asterisk release certified-18.9-cert6

Asterisk Development Team asteriskteam at digium.com
Thu Dec 14 14:32:12 CST 2023


The earlier release announcement should NOT have had any User or Upgrade
notes.

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert6.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside files](
https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f
)
- [Asterisk susceptible to Denial of Service via DTLS Hello packets during
call initiation](
https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
)
- [PJSIP logging allows attacker to inject fake Asterisk log entries ](
https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7
)
- [PJSIP_HEADER dialplan function can overwrite memory/cause crash when
using 'update'](
https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh
)


Change Log for Release asterisk-certified-18.9-cert6
========================================

Links:
----------------------------------------

 - [Full ChangeLog](
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-certified-18.9-cert6.md)

 - [GitHub Diff](
https://github.com/asterisk/asterisk/compare/certified-18.9-cert5...certified-18.9-cert6)

 - [Tarball](
https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-certified-18.9-cert6.tar.gz)

 - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)

Summary:
----------------------------------------

- res_pjsip_header_funcs: Duplicate new header value, don't copy.
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.
- res_pjsip: disable raw bad packet logging

User Notes:
----------------------------------------

Upgrade Notes:
----------------------------------------

Closed Issues:
----------------------------------------

None
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20231214/653f3b55/attachment-0001.html>


More information about the asterisk-dev mailing list