<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">---------- Forwarded message ---------<br>From: Asterisk Development Team &lt;<a href="mailto:asteriskteam@digium.com">asteriskteam@digium.com</a>&gt;<br>Date: Tue, Sep 19, 2017 at 14:35<br>Subject: [asterisk-dev] Asterisk 11.25.3, 13.17.2, 14.6.2, Asterisk 11.6-cert18, Asterisk 13.13-cert6 Now Available (Security Release)<br>To: Asterisk Developers Mailing List &lt;<a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a>&gt;<br></div><br><br><div dir="ltr"><div>The Asterisk Development Team has announced security releases for Asterisk 11, 13, and 14, and for Certified Asterisk 11.6 and 13.13. The available security release versions are 11.25.3, 13.17.2, 14.6.2, 11.6-cert18, and 13.13-cert6.</div><div><br></div><div>These releases are available for immediate download at</div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases</a></div><div><a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/" target="_blank">http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/</a></div><div><br></div><div>The release of these versions resolves the following security vulnerabilities:</div><div><br></div><div>* AST-2017-008: Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the “nat” and “symmetric_rtp” options allow redirecting where Asterisk sends the next RTCP report.</div><div><br></div><div>The RTP stream qualification to learn the source address of media always accepted the first RTP packet as the new source and allowed what AST-2017-005 was mitigating.
The intent was to qualify a series of packets before accepting the new source address.</div><div><br></div><div>For a full list of changes in the current releases, please see the ChangeLogs:</div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.25.3" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.25.3</a></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.17.2" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.17.2</a></div><div><a href="http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.6.2" target="_blank">http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.6.2</a></div><div><br></div><div><a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-11.6-cert18" target="_blank">http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-11.6-cert18</a></div><div><a href="http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-13.13-cert6" target="_blank">http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-13.13-cert6</a></div><div><br></div><div>The security advisories are available at:</div><div><br></div><div> * <a href="http://downloads.asterisk.org/pub/security/AST-2017-008.pdf" target="_blank">http://downloads.asterisk.org/pub/security/AST-2017-008.pdf</a></div><div><br></div><div>Thank you for your continued support of Asterisk!</div></div>
</div></div>
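<p>Added example, not part of the original announcement and not Asterisk's own code: a minimal source-learning state machine that contrasts the behaviour the announcement describes (the first RTP packet from a new address becomes the source) with qualifying a series of packets first. All names, the threshold of 4, the in-order sequence rule and the reset on traffic from the current source are assumptions made for illustration.</p>

```c
#include <stdint.h>

#define LEARN_MIN_SEQUENTIAL 4 /* assumed threshold, not from the announcement */

struct src { uint32_t ip; uint16_t port; };
struct rtp_learn {
    struct src current;   /* address media is currently accepted from */
    struct src candidate; /* new address still being qualified */
    uint16_t next_seq;    /* RTP sequence number expected next from candidate */
    int remaining;        /* in-order packets still needed before switching */
};

static int same_src(struct src a, struct src b) { return a.ip == b.ip && a.port == b.port; }

/* Flawed behaviour: the first packet from any other address becomes the source. */
int learn_first_packet(struct rtp_learn *l, struct src from, uint16_t seq) {
    (void)seq;
    if (same_src(l->current, from)) return 0;
    l->current = from;
    return 1;
}

/* Intended behaviour: returns 1 only once a candidate has sent LEARN_MIN_SEQUENTIAL
 * in-order packets with nothing from the current source in between. */
int learn_qualified(struct rtp_learn *l, struct src from, uint16_t seq) {
    if (same_src(l->current, from)) { l->remaining = 0; return 0; } /* live stream cancels probation */
    if (l->remaining > 0 && same_src(l->candidate, from) && seq == l->next_seq) {
        l->next_seq = (uint16_t)(seq + 1); /* wraps at 65535 like RTP */
        if (--l->remaining > 0) return 0;
        l->current = from;
        return 1;
    }
    l->candidate = from; /* new candidate or sequence gap: restart the count */
    l->next_seq = (uint16_t)(seq + 1);
    l->remaining = LEARN_MIN_SEQUENTIAL - 1;
    return 0;
}

/* Constructed scenario: n consecutive packets arrive from a second address. */
int redirected_after(int qualified, int n) {
    struct rtp_learn l = { .current = { 0x0A000001, 4000 } };
    struct src other = { 0x0A000002, 5000 };
    int switched = 0;
    for (int i = 0; i < n; i++)
        switched |= (qualified ? learn_qualified : learn_first_packet)(&l, other, (uint16_t)(100 + i));
    return switched;
}
```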