similar to: AST-2018-001: Crash when receiving unnegotiated dynamic payload

The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are released as versions 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - AST-2018-004 Product Asterisk Summary Crash when receiving SUBSCRIBE request Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Major

The Asterisk Development Team would like to announce the release of Asterisk 15.3.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 15.3.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release:

Asterisk Project Security Advisory - AST-2018-006 Product Asterisk Summary WebSocket frames with 0 sized payload causes DoS Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2018-002 Product Asterisk Summary Crash when given an invalid SDP media format description Nature of Advisory Remote crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2018-003 Product Asterisk Summary Crash with an invalid SDP fmtp attribute Nature of Advisory Remote crash Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2018-005 Product Asterisk Summary Crash when large numbers of TCP connections are closed suddenly Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SIP responses expose valid usernames |

Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote

Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote

The Asterisk Development Team would like to announce the release of Asterisk 16.9.0. This release is available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 16.9.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release:

The Asterisk Development Team would like to announce the release of Asterisk 16.9.0. This release is available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 16.9.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release:

The Asterisk Development Team would like to announce the release of Asterisk 17.3.0. This release is available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 17.3.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release:

The Asterisk Development Team would like to announce the release of Asterisk 17.3.0. This release is available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 17.3.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release:

Asterisk Project Security Advisory - AST-2009-007 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | ACL not respected on SIP INVITE |

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 |

Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 |

Asterisk Project Security Advisory - AST-2007-022 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Buffer overflows in voicemail when using IMAP | | |