The Asterisk Development Team has announced security releases for Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available security releases are released as versions 13.13-cert9, 13.18.4, 14.7.4 and 15.1.4. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerabilities: * AST-2017-012: Remote Crash Vulnerability in RTCP Stack If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.4 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.4 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.1.4 http://downloads.asterisk.org/pub/telephony/certified-asterisk/ChangeLog-certified-13.13-cert9 The security advisories are available at: http://downloads.asterisk.org/pub/security/AST-2017-012.html http://downloads.asterisk.org/pub/security/AST-2017-012.pdf Thank you for your continued support of Asterisk!
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-announce mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-announce
|