Asterisk 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4 Now Available (Security)
- Subject: Asterisk 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4 Now Available (Security)
- From: "Asterisk Development Team" <asteriskteam@xxxxxxxxxx>
- Date: Thu, 11 Jul 2019 16:45:19 -0500
The Asterisk Development Team would like to announce security releases for
Asterisk 13, 15 and 16, and Certified Asterisk 13.21. The available releases are
released as versions 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases
The following security vulnerabilities were resolved in these versions:
- AST-2019-002: Remote crash vulnerability with MESSAGE messages
  A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
- AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
  When T.38 faxing is done in Asterisk, a T.38 reinvite may be sent to an
  endpoint to switch it to T.38. If the endpoint responds with an improperly
  formatted SDP answer including both a T.38 UDPTL stream and an audio or video
  stream containing only codecs not allowed on the SIP peer or user, a crash will
  occur. The code incorrectly assumes that there will be at least one common
  codec when T.38 is also in the SDP answer.
For a full list of changes in the current releases, please see the ChangeLogs:
ChangeLog-13.27.1
ChangeLog-15.7.3
ChangeLog-16.4.1
ChangeLog-certified-13.21-cert4
The security advisories are available at:
AST-2019-002.pdf
AST-2019-003.pdf
Thank you for your continued support of Asterisk!
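A version check built from the fixed releases listed above, added here as an example and not part of the original announcement: it reports whether a version string is at or above the fixed release for its branch. The host names, the inventory and the accepted "Asterisk " / "certified/" prefixes are assumptions made for the example.

```python
import re

# Fixed releases named in the announcement, keyed by major branch.
FIXED = {13: (13, 27, 1), 15: (15, 7, 3), 16: (16, 4, 1)}
# Certified Asterisk: branch 13.21 is fixed from cert4 onward.
FIXED_CERT = {(13, 21): 4}

STD_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")
CERT_RE = re.compile(r"^(\d+)\.(\d+)-cert(\d+)$")


def fix_status(text):
    """Return 'fixed', 'below-fix' or 'unknown' for one version string."""
    # Assumption: an optional "Asterisk " and/or "certified/" prefix may
    # precede the version number.
    v = re.sub(r"^(?:Asterisk\s+)?(?:certified/)?", "", text.strip())
    m = CERT_RE.match(v)
    if m:
        major, minor, cert = (int(g) for g in m.groups())
        needed = FIXED_CERT.get((major, minor))
        if needed is None:
            return "unknown"  # certified branch not named in the announcement
        return "fixed" if cert >= needed else "below-fix"
    m = STD_RE.match(v)
    if m:
        ver = tuple(int(g or 0) for g in m.groups())
        needed = FIXED.get(ver[0])
        if needed is None:
            return "unknown"  # branch not named in the announcement
        return "fixed" if ver >= needed else "below-fix"
    return "unknown"  # pre-releases, git builds, anything unparsed


# Constructed inventory (hypothetical hosts and versions).
INVENTORY = {
    "pbx-a": "Asterisk 16.4.0",
    "pbx-b": "Asterisk 13.27.1",
    "pbx-c": "Asterisk certified/13.21-cert3",
    "pbx-d": "Asterisk 14.7.8",
}


def audit(inventory):
    """Map each host to the fix status of its reported version."""
    return {host: fix_status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

An "unknown" result means only that the announcement names no fixed release for that branch or the string was not parsed; it says nothing about whether that build is affected.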