[asterisk-security] CORRECTED asterisk release certified-18.9-cert6
Royal Design
info at royaldesign.se
Thu Dec 14 15:11:10 CST 2023
Bäste kund,
tack för att du kontaktar oss!
Vi har för närvarande högt tryck på vår kundservice och vi gör vårt yttersta
för att besvara ditt ärende så snabbt som möjligt.
Tack för ditt tålamod och förståelse!
Vanliga frågor och svar hittar ni via länken nedan:
https://royaldesign.se/kundtjanst <https://royaldesign.se/kundtjanst>
Vid avbeställningar råder vi dig till att ringa oss på: 010 750 25 21
Ha en fortsatt trevlig dag!
Previous-message-reference:
<CAP=uFEsco8knetYgFT0d=CNe+6jdjmwLGoz732w6vSCtgDwUsA at mail.gmail.com>
Previous-message-reference: <57276b05a0c14f71aff36afe436a2fde at email.dixa.io>
Asterisk Development Team December 14, 21:11 GMT
The earlier release announcement should NOT have had any User or Upgrade
notes.
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert6.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6
<https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert6>
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
<https://downloads.asterisk.org/pub/telephony/certified-asterisk>
The following security advisories were resolved in this release:
- Path traversal via AMI GetConfig allows access to outside files
<https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f>
- Asterisk susceptible to Denial of Service via DTLS Hello packets during
call initiation
<https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq>
- PJSIP logging allows attacker to inject fake Asterisk log entries
<https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7>
- PJSIP_HEADER dialplan function can overwrite memory/cause crash when
using 'update'
<https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh>
Change Log for Release asterisk-certified-18.9-cert6 <>
Links: <>
* Full ChangeLog
<https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-certified-18.9-cert6.md>
* GitHub Diff
<https://github.com/asterisk/asterisk/compare/certified-18.9-cert5...certified-18.9-cert6>
* Tarball
<https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-certified-18.9-cert6.tar.gz>
* Downloads <https://downloads.asterisk.org/pub/telephony/asterisk>
Summary: <>
* res_pjsip_header_funcs: Duplicate new header value, don't copy.
* res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
* manager.c: Prevent path traversal with GetConfig.
* res_pjsip: disable raw bad packet logging
User Notes: <>
Upgrade Notes: <>
Closed Issues: <>
None
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-security/attachments/20231214/f530a200/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 3278 bytes
Desc: not available
URL: <http://lists.digium.com/pipermail/asterisk-security/attachments/20231214/f530a200/attachment-0001.png>
More information about the asterisk-security
mailing list