<html><head></head><body>The Asterisk Development Team would like to announce security releases for<br>Asterisk 16, 17 and 18, and Certified Asterisk 16.8. The available releases are<br>released as versions 16.16.2, 17.9.3, 18.2.2 and 16.8-cert7.<br><br>These releases are available for immediate download at<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases'>https://downloads.asterisk.org/pub/telephony/asterisk/releases</a><br><a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases'>https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases</a><br><br>The following security vulnerabilities were resolved in these versions:<br><br><ul><li> AST-2021-006: Crash when negotiating T.38 with a zero port<br>When Asterisk sends a re-invite initiating T.38 faxing and the endpoint<br>responds with a m=image line and zero port, a crash will occur in Asterisk.<br>This is a reoccurrence of AST-2019-004.<br></li></ul><br>For a full list of changes in the current releases, please see the ChangeLogs:<br><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.16.2'>ChangeLog-16.16.2</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.9.3'>ChangeLog-17.9.3</a><br><a href='https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.2.2'>ChangeLog-18.2.2</a><br><a href='https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert7'>ChangeLog-certified-16.8-cert7</a><br><br>The security advisory is available at:<br><br><a href='https://downloads.asterisk.org/pub/security/AST-2021-006.pdf'>AST-2021-006.pdf</a><br><br>Thank you for your continued support of Asterisk!</body></html>