similar to: AST-2018-002: Crash when given an invalid SDP media format description

Asterisk Project Security Advisory - AST-2018-003 Product Asterisk Summary Crash with an invalid SDP fmtp attribute Nature of Advisory Remote crash Susceptibility Remote Authenticated Sessions Severity Minor

The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are released as versions 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - AST-2018-004 Product Asterisk Summary Crash when receiving SUBSCRIBE request Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2018-005 Product Asterisk Summary Crash when large numbers of TCP connections are closed suddenly Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2017-014 Product Asterisk Summary Crash in PJSIP resource when missing a contact header Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Nature of Advisory Denial of Service Susceptibility

Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote

Asterisk Project Security Advisory - AST-2018-007 Product Asterisk Summary Infinite loop when reading iostreams Nature of Advisory Denial of Service Susceptibility Remote Authenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework Nature of Advisory Denial of Service Susceptibility

Asterisk Project Security Advisory - AST-2014-018 Product Asterisk Summary AMI permission escalation through DB dialplan function Nature of Advisory Permission Escalation Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote

Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in res_pjsip_session Nature of Advisory Denial of service Susceptibility Remote authenticated sessions Severity

Asterisk Project Security Advisory - AST-2017-001 Product Asterisk Summary Buffer overflow in CDR's set user Nature of Advisory Buffer Overflow Susceptibility Remote Authenticated Sessions Severity

Asterisk Project Security Advisory - AST-2017-011 Product Asterisk Summary Memory leak in pjsip session resource Nature of Advisory Memory leak Susceptibility Remote Sessions Severity Minor

Asterisk Project Security Advisory - AST-2019-004 Product Asterisk Summary Crash when negotiating for T.38 with a declined stream Nature of Advisory Remote Crash Susceptibility Remote

Hi Kevin! Thanks very much for your reply! Much appreciated! So I just have a remaining question from this, if the with-ssl is not mandatory to have the encryption support, what is it actually used for? Maybe it is some old flag which is not needed anymore and so can be ignored for now and possibly removed from the configure/makefile stuff for future releases? Kind regards, Patrick Wakano On

Asterisk Project Security Advisory - AST-2018-001 Product Asterisk Summary Crash when receiving unnegotiated dynamic payload Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Major

The Asterisk Development Team would like to announce the release of Certified Asterisk 13.18-cert1. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/certified-asterisk The release of Certified Asterisk 13.18-cert1 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following

The Asterisk Development Team would like to announce the release of Asterisk 16.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 16.0.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: