
Security Advisories

Stay up to date with the latest security advisories for the Asterisk Project.

Asterisk 13.18.4, 14.7.4, 15.1.4 and Certified Asterisk 13.13-cert9 Now Available

Dec 13, 2017

The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The security
releases are available as versions 13.13-cert9, 13.18.4, 14.7.4
and 15.1.4.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security
vulnerabilities:

* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  If a compound RTCP packet containing more than one report
  (for example a Receiver Report and a Sender Report) is
  received, the RTCP stack will incorrectly store report
  information outside of allocated memory, potentially causing
  a crash.

For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/certified-asterisk/ChangeLog...

The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-012.html
http://downloads.asterisk.org/pub/security/AST-2017-012.pdf

Thank you for your continued support of Asterisk.

AST-2017-013: DOS Vulnerability in Asterisk chan_skinny

Dec 1, 2017


AST-2017-011: Memory leak in pjsip session resource

Nov 8, 2017


AST-2017-010: Buffer overflow in CDR's set user

Nov 8, 2017

