The earlier release announcement should NOT have had any User or Upgrade

The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert6.

The release artifacts are available for immediate download at

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside files](
- [Asterisk susceptible to Denial of Service via DTLS Hello packets during
call initiation](
- [PJSIP logging allows attacker to inject fake Asterisk log entries ](
- [PJSIP_HEADER dialplan function can overwrite memory/cause crash when
using 'update'](

Change Log for Release asterisk-certified-18.9-cert6


 - [Full ChangeLog](

 - [GitHub Diff](

 - [Tarball](

 - [Downloads](


- res_pjsip_header_funcs: Duplicate new header value, don't copy.
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.
- res_pjsip: disable raw bad packet logging

User Notes:

Upgrade Notes:

Closed Issues:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Reply via email to