similar to: AST-2019-006: SIP request can change address of a SIP peer.

The Asterisk Development Team would like to announce security releases for Asterisk 13, 16 and 17, and Certified Asterisk 13.21. The available releases are released as versions 13.29.2, 16.6.2, 17.0.1 and 13.21-cert5. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - Product Asterisk Summary Re-invite with T.38 and malformed SDP causes crash. Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2019-007 Product Asterisk Summary AMI user could execute system commands. Nature of Advisory Remote Code Execution Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory – AST-2020-002 Product Asterisk Summary Outbound INVITE loop on challenge with different nonce. Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2018-006 Product Asterisk Summary WebSocket frames with 0 sized payload causes DoS Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2017-006 Product Asterisk Summary Shell access command injection in app_minivm Nature of Advisory Unauthorized command execution Susceptibility Remote Authenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in res_pjsip_session Nature of Advisory Denial of service Susceptibility Remote authenticated sessions Severity

Thanks for that info, Ben. I do like to test out the latest and most up-to-date versions of things when I can, so I'll check those files and see how it goes. On 2020-05-11 17:20, Ben Ford <bford at digium.com> put forth the proposition: > Hey Dave, > > In the case of 13 and 16, these are LTS versions which means that they get > long term service. 17 is a standard release.

Asterisk Project Security Advisory - AST-2016-004 Product Asterisk Summary Long Contact URIs in REGISTER requests can crash Asterisk Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2019-002 Product Asterisk Summary Remote crash vulnerability with MESSAGE messages Nature of Advisory Denial Of Service Susceptibility Remote Authenticated Sessions Severity Low

Asterisk Project Security Advisory - AST-2019-003 Product Asterisk Summary Remote Crash Vulnerability in chan_sip channel driver Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2016-005 Product Asterisk Summary TCP denial of service in PJProject Nature of Advisory Crash/Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2014-002 Product Asterisk Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-002 Product Asterisk Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2011-006 Product Asterisk Summary Asterisk Manager User Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2013-006 Product Asterisk Summary Buffer Overflow when receiving odd length 16 bit SMS message Nature of Advisory Buffer Overflow and Remote Crash Susceptibility Remote