What can we help you find?

Security Advisories

Stay up to date with the latest security advisories for the Asterisk Project.

ASTAST-2018-001: Crash when receiving unnegotiated dynamic payload

Feb 21, 2018


AST-2017-014: Crash in PJSIP resource when missing a contact header

Dec 22, 2017


Asterisk 13.18.4, 14.7.4, 15.1.4 and Certified Asterisk 13, 13-cert9 Now Available

Dec 13, 2017

The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15.  The available
security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security
vulnerabilities:

* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  If a compound RTCP packet is received containing more than
  one report (for example a Receiver Report and a Sender
  Report) the RTCP stack will incorrectly store report
  information outside of allocated memory potentially causing
  a crash.

For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/certified-asterisk/ChangeLog...

The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-012.html
http://downloads.asterisk.org/pub/security/AST-2017-012.pdf

Thank you for your continued support of Asterisk

 


AST-2017-013: DOS Vulnerability in Asterisk chan_skinny

Dec 1, 2017


Pages

Subscribe to