similar to: AST-2018-008: PJSIP endpoint presence disclosure when using ACL

The Asterisk Development Team would like to announce security releases for Asterisk 15, 13 and 14, and Certified Asterisk 13.18 and 13.21. The available releases are released as versions 15.4.1, 13.21.1, 14.7.7, 13.18-cert4 and 13.21-cert2. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - AST-2017-008 Product Asterisk Summary RTP/RTCP information leak Nature of Advisory Unauthorized data disclosure Susceptibility Remote Unauthenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2018-009 Product Asterisk Summary Remote crash vulnerability in HTTP websocket upgrade Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2019-002 Product Asterisk Summary Remote crash vulnerability with MESSAGE messages Nature of Advisory Denial Of Service Susceptibility Remote Authenticated Sessions Severity Low

Asterisk Project Security Advisory - Product Asterisk Summary Re-invite with T.38 and malformed SDP causes crash. Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2019-003 Product Asterisk Summary Remote Crash Vulnerability in chan_sip channel driver Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2016-008 Product Asterisk Summary Crash on SDP offer or answer from endpoint using Opus Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote

The Asterisk Development Team would like to announce security releases for Asterisk 13, 15 and 16, and Certified Asterisk 13.21. The available releases are released as versions 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - AST-2017-002 Product Asterisk Summary Buffer Overrun in PJSIP transaction layer Nature of Advisory Buffer Overrun/Crash Susceptibility Remote Unauthenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2017-003 Product Asterisk Summary Crash in PJSIP multi-part body parser Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2017-014 Product Asterisk Summary Crash in PJSIP resource when missing a contact header Nature of Advisory Remote Crash Susceptibility Remote

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert7, 11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases These releases resolve security

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert7, 11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases These releases resolve security

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Hello List I am in the progress of migrating from chan_sip to pjsip. I fear I have missed something on how hints need to be specified for pjsip. For chan_sip I have configured sip.conf subscribecontext = localuser and in the dialplan I set: [localuser] exten => 11,hint,SIP/11 Now if a phone subscribes to '11' this works. Now I try to get the same working for pjsip. I understood

Hi Joshua > The chan_pjsip module doesn't prevent that. You'd need to provide the > full SUBSCRIBE now that it is actually finding the endpoint and coming > in. Ok, let's see if we can solve the mystery.. pjsip.conf [endpt-home](!) type=endpoint disallow=all allow=g722 allow=alaw allow=gsm ice_support=yes context=from-home allow_subscribe=yes

Hi Joshua thank you for the quick reply > Have you checked the Asterisk console when PJSIP is loaded to see if > the endpoint did not load for some reason? Does it show up in "pjsip > show endpoints"? Yes, the endpoint shows up. Endpoint: 11/(scrubbed from mail) Not in use 0 of inf InAuth: 11/11 Aor: 11