Asterisk Development Team
2019-Sep-05 14:49 UTC
[asterisk-users] Asterisk 13.28.1, 15.7.4 and 16.5.1 Now Available (Security)
The Asterisk Development Team would like to announce security releases for Asterisk 13, 15 and 16. The available releases are released as versions 13.28.1, 15.7.4 and 16.5.1. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases The following security vulnerabilities were resolved in these versions: * AST-2019-004: Crash when negotiating for T.38 with a declined stream When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk. * AST-2019-005: Remote Crash Vulnerability in audio transcoding When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.28.1 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.7.4 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.5.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2019-004.pdf https://downloads.asterisk.org/pub/security/AST-2019-005.pdf Thank you for your continued support of Asterisk! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20190905/550480de/attachment.html>