Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data

February 3, 2016

http://downloads.asterisk.org/pub/security/AST-2016-003.pdf

https://downloads.asterisk.org/pub/security/AST-2016-003.pdf

AST-2016-002: File descriptor exhaustion in chan_sip

February 3, 2016

http://downloads.asterisk.org/pub/security/AST-2016-002.pdf

https://downloads.asterisk.org/pub/security/AST-2016-002.pdf

AST-2016-001: BEAST vulnerability in HTTP server

February 3, 2016

http://downloads.asterisk.org/pub/security/AST-2016-001.pdf

https://downloads.asterisk.org/pub/security/AST-2016-001.pdf

AST-2015-003: TLS Certificate Common Name NULL Byte Exploit

April 8, 2015

http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

https://downloads.asterisk.org/pub/security/AST-2015-003.pdf

AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

January 28, 2015

http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

https://downloads.asterisk.org/pub/security/AST-2015-002.pdf