The Asterisk Development Team would like to announce security release
Asterisk 20.9.3.
The release artifacts are available for immediate download at
https://github.com/asterisk/as
and
https://downloads.asterisk.org
Repository: https://github.com/asterisk/as
Tag: 20.9.3
## Change Log for Release asterisk-20.9.3
### Links:
– [Full ChangeLog](https://downloads.a
– [GitHub Diff](https://github.com/aster
– [Tarball](https://downloads.as
– [Downloads](https://downloads.
### Summary:
– Commits: 1
– Commit Authors: 1
– Issues Resolved: 0
– Security Advisories Resolved: 1
– [GHSA-v428-g3cw-7hv9](https://
### User Notes:
### Upgrade Notes:
### Commit Authors:
– George Joseph: (1)
## Issue and Commit Detail:
### Closed Issues:
– !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
### Commits By Author:
– #### George Joseph (1):
– res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
### Commit List:
– res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
### Commit Details:
#### res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a ‘ns_r_formerr’ result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a “No answer record in the DNS
response” error. The existing “off nominal” unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9