The Asterisk Development Team would like to announce security release Asterisk 18.20.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.20.1 and https://downloads.asterisk.org/pub/telephony/asterisk The following security advisories were resolved in this release: - [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f) - [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq) - [PJSIP logging allows attacker to inject fake Asterisk log entries ](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7) - [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh) Change Log for Release asterisk-18.20.1 ======================================== Links: ---------------------------------------- - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.20.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.20.0...18.20.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.20.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) Summary: ---------------------------------------- - res_pjsip_header_funcs: Duplicate new header value, don't copy. - res_pjsip: disable raw bad packet logging - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list - manager.c: Prevent path traversal with GetConfig. User Notes: ---------------------------------------- Upgrade Notes: ---------------------------------------- Closed Issues: ---------------------------------------- None -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-announce mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-announce