Asterisk Development Team
2018-Nov-14 17:10 UTC
[asterisk-announce] Asterisk 15.6.2 and 16.0.1 Now Available (Security)
The Asterisk Development Team would like to announce security releases for Asterisk 15 and 16. The available releases are released as versions 15.6.2 and 16.0.1. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases The following security vulnerabilities were resolved in these versions: There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker���s request causes Asterisk to segfault and crash. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.6.2 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.0.1 The security advisory is available at: https://downloads.asterisk.org/pub/security/AST-2018-010.pdf Thank you for your continued support of Asterisk! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-announce/attachments/20181114/23e7a6fa/attachment.html>
Maybe Matching Threads
- AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups
- AST-2018-010:
- Asterisk 13.23.1, 14.7.8, 15.6.1 and 13.21-cert3 Now Available (Security)
- Asterisk 15.4.1, 13.21.1, 14.7.7, 13.18-cert4 and 13.21-cert2 Now Available (Security)
- Asterisk 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4 Now Available (Security)
Wisdom of the Ancients
