similar to: AST-2020-002: Outbound INVITE loop on challenge with different nonce.

The Asterisk Development Team would like to announce security releases for Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in res_pjsip_session Nature of Advisory Denial of service Susceptibility Remote authenticated sessions Severity

Asterisk Project Security Advisory - Product Asterisk Summary Re-invite with T.38 and malformed SDP causes crash. Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2019-006 Product Asterisk Summary SIP request can change address of a SIP peer. Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2014-002 Product Asterisk Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-002 Product Asterisk Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers Nature of Advisory Denial of Service Susceptibility Remote

Asterisk Project Security Advisory - AST-2019-007 Product Asterisk Summary AMI user could execute system commands. Nature of Advisory Remote Code Execution Susceptibility Remote Authenticated Sessions Severity Minor

Asterisk Project Security Advisory - AST-2018-006 Product Asterisk Summary WebSocket frames with 0 sized payload causes DoS Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2016-004 Product Asterisk Summary Long Contact URIs in REGISTER requests can crash Asterisk Nature of Advisory Remote Crash Susceptibility Remote

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2014-001 Product Asterisk Summary Stack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate

Asterisk Project Security Advisory - AST-2017-006 Product Asterisk Summary Shell access command injection in app_minivm Nature of Advisory Unauthorized command execution Susceptibility Remote Authenticated Sessions Severity Moderate

Thanks for that info, Ben. I do like to test out the latest and most up-to-date versions of things when I can, so I'll check those files and see how it goes. On 2020-05-11 17:20, Ben Ford <bford at digium.com> put forth the proposition: > Hey Dave, > > In the case of 13 and 16, these are LTS versions which means that they get > long term service. 17 is a standard release.

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major

Asterisk Project Security Advisory - AST-2016-005 Product Asterisk Summary TCP denial of service in PJProject Nature of Advisory Crash/Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical

Asterisk Project Security Advisory - AST-2017-005 Product Asterisk Summary Media takeover in RTP stack Nature of Advisory Unauthorized data disclosure Susceptibility Remote Unauthenticated Sessions Severity Critical

The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert5. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5 and https://downloads.asterisk.org/pub/telephony/certified-asterisk The following security advisories were resolved in this release:

The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert5. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5 and https://downloads.asterisk.org/pub/telephony/certified-asterisk The following security advisories were resolved in this release:

George, I have the detailed log below. (Resending after trimming the email to 40KB.) The sequence below just repeats ad-nauseam. Is this a SIP trunk issue? Thanks! --------------------- Transmitting SIP request (885 bytes) to UDP:65.254.44.194:5060 ---> INVITE sip:12025551212 at 65.254.44.194:5060 SIP/2.0 Via: SIP/2.0/UDP 18.18.19.123:5060