similar to: AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following

Asterisk Project Security Advisory - AST-2016-001 Product Asterisk Summary BEAST vulnerability in HTTP server Nature of Advisory Unauthorized data disclosure due to man-in-the-middle attack Susceptibility Remote

Asterisk Project Security Advisory - AST-2016-002 Product Asterisk Summary File descriptor exhaustion in chan_sip Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2019-003 Product Asterisk Summary Remote Crash Vulnerability in chan_sip channel driver Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2015-002 Product Asterisk Summary Mitigation for libcURL HTTP request injection vulnerability Nature of Advisory HTTP request injection Susceptibility Remote

Asterisk Project Security Advisory - AST-2015-002 Product Asterisk Summary Mitigation for libcURL HTTP request injection vulnerability Nature of Advisory HTTP request injection Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-011 Product Asterisk Summary Asterisk Susceptibility to POODLE Vulnerability Nature of Advisory Unauthorized Data Disclosure Susceptibility Remote Unauthenticated Sessions Severity Medium

Asterisk Project Security Advisory - AST-2014-011 Product Asterisk Summary Asterisk Susceptibility to POODLE Vulnerability Nature of Advisory Unauthorized Data Disclosure Susceptibility Remote Unauthenticated Sessions Severity Medium

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The

Dear list, I've got the following setup : [FAX-ATA]--[PBX LAN]--[Firewall]--[PBX WAN]-----[upstream SIP] On the PBX's we run Asterisk 1.4.33 with t38pt_udptl=yes in [general]. The FAX ATA is a Teles VoIPBox with T.38 support (that works). On the PBX WAN, i see the following in udptl debug : Sent UDPTL packet to 172.16.0.156:4460 (type 0, seq 184, len 32) Got UDPTL packet from

Asterisk Project Security Advisory - AST-2014-003 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2014-003 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Hi all, Lately, I've been seeing more and more instances where I get a flood of warning messages like this: [Apr 26 14:09:50] WARNING[21054] udptl.c: No UDPTL ports remaining The next thing I know, my server is dropping calls and starting to misbehave. I use fax via T.38, so I can't just turn udptl off. I could expand the port range, but I suspect that will just mask the situation.

Hello guys. When I am trying to send fax through T38 to linksys SPA (properly configured etc. - I have tried it with other systems), I'm getting error and fax is not delivered. I'm getting this errors in asterisk.log: WARNING[687] udptl.c: No UDPTL ports remaining ERROR[687] chan_sip.c: UDPTL creation failed WARNING[687] udptl.c: No UDPTL ports remaining then, couple lines down:

Hi, I configured Asterisk 10 for inbound fax, for couple of weeks I didn't see any issues until today. The setup I configured for inbound fax is quite simple i.e. Cisco Voice GW sends the fax calls to Asterisk using T.38 protocol and later Asterisk stores/forwards the fax to specific end user. The configuration I made in sip.conf for enabling T38 is listed below; t38pt_udptl =

Hi, I'm using asterisk 1.2.1. Is there anybody out there who knows what this warning means? *WARNING: chan_sip.c:3470 process_sdp: Unknown SDP media type in offer: image 5004 udptl t38* Google does not help at all. TIA Giorgio Incantalupo

Asterisk Project Security Advisory - AST-2014-012 Product Asterisk Summary Mixed IP address families in access control lists may permit unwanted traffic. Nature of Advisory Unauthorized Access Susceptibility Remote