This week, we’re pleased to say that we’ve updated the Asterisk 13, 15 and master branches’ bundled version of pjproject to 2.7.1. This release contains a fix for an important security issue and we urge all users to upgrade accordingly. https://downloads.asterisk.org/pub/security/AST-2017-009.html https://issues.asterisk.org/jira/browse/ASTERISK-27319 Thanks to Youngsung Kim at LINE Corporation for finding and reporting the original issue.
Inside the Asterisk
[dropshadowbox align=”none” effect=”lifted-both” width=”auto” height=”” background_color=”#ffffff” border_width=”1″ border_color=”#dddddd” ]tl;dr: We fixed the vulnerabilities. If you’d like to read the conclusion of this admittedly long saga, scroll down to the Conclusion at the end.[/dropshadowbox] Overview This month, the Asterisk project performed two security releases to address an unauthorized RTP data disclosure vulnerability in its real-time transport