Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

AST-2016-001: BEAST vulnerability in HTTP server

February 3, 2016

http://downloads.asterisk.org/pub/security/AST-2016-001.pdf

https://downloads.asterisk.org/pub/security/AST-2016-001.pdf

AST-2015-003: TLS Certificate Common Name NULL Byte Exploit

April 8, 2015

http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

https://downloads.asterisk.org/pub/security/AST-2015-003.pdf

AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

January 28, 2015

http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

https://downloads.asterisk.org/pub/security/AST-2015-002.pdf

AST-2015-001: File descriptor leak when incompatible codecs are offered

January 28, 2015

http://downloads.asterisk.org/pub/security/AST-2015-001.pdf

https://downloads.asterisk.org/pub/security/AST-2015-001.pdf

AST-2014-019: Remote Crash Vulnerability in WebSocket Server

December 10, 2014

http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

https://downloads.asterisk.org/pub/security/AST-2014-019.pdf