On Fri, Nov 6, 2020 at 12:27 AM Asterisk Development Team < asteriskt...@digium.com> wrote:
> The Asterisk Development Team would like to announce security releases for
> Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
> are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5.
>
> These releases are available for immediate download at
>
> https://downloads.asterisk.org/pub/telephony/asterisk/releases
> https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases
>
> The following security vulnerabilities were resolved in these versions:
>
> - AST-2020-001: Remote crash in res_pjsip_session
>   Upon receiving a new SIP Invite, Asterisk did not return the created dialog
>   locked or referenced.
>
> - AST-2020-002: Outbound INVITE loop on challenge with different nonce.
>   If Asterisk is challenged on an outbound INVITE and the nonce is changed in
>   each response, Asterisk will continually send INVITEs in a loop. This causes
>   Asterisk to consume more and more memory since the transaction will never
>   terminate (even if the call is hung up), ultimately leading to a restart or
>   shutdown of Asterisk. Outbound authentication must be configured on the
>   endpoint for this to occur.
>
> For a full list of changes in the current releases, please see the ChangeLogs:
>
> ChangeLog-13.37.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1>
> ChangeLog-16.14.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.14.1>
> ChangeLog-17.8.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.8.1>
> ChangeLog-18.0.1
> <https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.0.1>
> ChangeLog-certified-16.8-cert5
> <https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert5>
>
> The security advisories are available at:
>
> AST-2020-001.pdf
> <https://downloads.asterisk.org/pub/security/AST-2020-001.pdf>
> AST-2020-002.pdf
> <https://downloads.asterisk.org/pub/security/AST-2020-002.pdf>
>
> Thank you for your continued support of Asterisk!
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
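A detection sketch for the AST-2020-002 condition described in the quoted announcement, added here as an example; it is not part of the original message and not Asterisk code. It assumes you already have raw SIP messages (for instance split out of a packet capture or SIP trace); the function names, the threshold of 3 and the sample messages are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches nonce="..." but not cnonce="..." inside an authenticate header.
NONCE_RE = re.compile(r'(?<![A-Za-z])nonce="([^"]*)"', re.I)

def parse_sip(raw):
    """Split a raw SIP message into (start_line, {lowercased header: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.strip().split("\n")
    headers = defaultdict(list)
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()].append(value.strip())
    return lines[0].strip(), headers

def find_nonce_loops(messages, threshold=3):
    """Return {Call-ID: distinct challenge nonces} for dialogs at or above threshold.

    threshold=3 is an assumption: one challenge is normal, a second can be a
    legitimate stale-nonce refresh, so only a third distinct nonce is flagged.
    """
    nonces = defaultdict(set)
    for raw in messages:
        start, h = parse_sip(raw)
        m = re.match(r"SIP/2\.0 (\d{3})", start)
        if not m or m.group(1) not in ("401", "407"):
            continue  # only authentication challenges matter here
        cseq = h.get("cseq", [""])[0]
        if not cseq.upper().endswith("INVITE"):
            continue  # the advisory concerns challenged outbound INVITEs
        call_id = (h.get("call-id") or h.get("i") or [""])[0]  # "i" is the compact form
        for value in h.get("www-authenticate", []) + h.get("proxy-authenticate", []):
            nonces[call_id].update(NONCE_RE.findall(value))
    return {cid: len(n) for cid, n in nonces.items() if len(n) >= threshold}

def challenge(call_id, cseq, nonce):
    """Build a constructed 401 challenge to an INVITE (sample data only)."""
    return (f"SIP/2.0 401 Unauthorized\r\nCall-ID: {call_id}\r\n"
            f"CSeq: {cseq} INVITE\r\n"
            f'WWW-Authenticate: Digest realm="example.invalid", nonce="{nonce}"\r\n\r\n')

# Constructed capture: one dialog re-challenged with a new nonce each time,
# and one dialog challenged once.
SAMPLE = [challenge("loop@pbx", 100 + i, f"n{i}") for i in range(5)]
SAMPLE.append(challenge("normal@pbx", 1, "abc"))

if __name__ == "__main__":
    print(find_nonce_loops(SAMPLE))
```

A flagged Call-ID on an unpatched system with outbound authentication configured is worth correlating with Asterisk memory growth; on the fixed versions listed above the INVITE loop should no longer occur.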