| Summary: | Asterisk 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5 Now Available (Security) | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | RPM Packages | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED INVALID | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | alien, ouaurelien |
| Version: | Cauldron | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/ | | |
| Whiteboard: | | | |
| Source RPM: | asterisk | CVE: | |
| Status comment: | | | |
I really can't find an asterisk package in our repo.

CC: (none) => ouaurelien

Indeed we haven't packaged it in years. CC'ing a packager who's looking to possibly bring it back. Also noting that it apparently has a mailing list: http://lists.digium.com/mailman/listinfo/asterisk-announce

Status: UNCONFIRMED => RESOLVED

Pull from Rosa then.

No.
The following security vulnerabilities were resolved in these versions:

AST-2020-001: Remote crash in res_pjsip_session

Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced.

AST-2020-002: Outbound INVITE loop on challenge with different nonce.

If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

For a full list of changes in the current releases, please see the ChangeLogs:
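
One way to spot the AST-2020-002 condition quoted above in captured SIP traffic, as an added example that is not part of this bug report or of Asterisk's code: it counts distinct digest nonces in 401/407 challenges to an INVITE per Call-ID. The sample responses, the `example.invalid` realm and the `max_nonces` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

def _resp(status, call_id, cseq, nonce=None):
    """Build a constructed SIP response to an outbound INVITE (not captured traffic)."""
    lines = [f"SIP/2.0 {status}", f"Call-ID: {call_id}", f"CSeq: {cseq} INVITE"]
    if nonce:
        hdr = "WWW-Authenticate" if status.startswith("401") else "Proxy-Authenticate"
        lines.append(f'{hdr}: Digest realm="example.invalid", nonce="{nonce}"')
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample: one normal call (single challenge, then 200 OK) and one
# call that is re-challenged with a fresh nonce on every attempt.
SAMPLE = (
    [_resp("401 Unauthorized", "normal-call", 1, "n0"), _resp("200 OK", "normal-call", 2)]
    + [_resp("401 Unauthorized", "looping-call", i, f"nonce-{i}") for i in range(1, 8)]
)

STATUS_RE = re.compile(r"^SIP/2\.0 (\d{3})", re.M)
CALLID_RE = re.compile(r"^(?:Call-ID|i)\s*:\s*(\S+)", re.M | re.I)
CSEQ_RE = re.compile(r"^CSeq\s*:\s*\d+\s+(\w+)", re.M | re.I)
# \bnonce keeps cnonce/nextnonce parameters from matching.
NONCE_RE = re.compile(r'^(?:WWW|Proxy)-Authenticate\s*:.*?\bnonce="([^"]*)"', re.M | re.I)

def rechallenge_loops(responses, max_nonces=3):
    """Return {call_id: distinct nonce count} for INVITEs challenged with
    more than max_nonces different nonces (threshold is an assumption)."""
    nonces = defaultdict(set)
    for msg in responses:
        status = STATUS_RE.search(msg)
        call_id = CALLID_RE.search(msg)
        cseq = CSEQ_RE.search(msg)
        nonce = NONCE_RE.search(msg)
        if not (status and call_id and cseq and nonce):
            continue  # not an auth challenge, or not parseable
        if status.group(1) in ("401", "407") and cseq.group(1).upper() == "INVITE":
            nonces[call_id.group(1)].add(nonce.group(1))
    return {cid: len(seen) for cid, seen in nonces.items() if len(seen) > max_nonces}

if __name__ == "__main__":
    for cid, count in rechallenge_loops(SAMPLE).items():
        print(f"{cid}: {count} distinct nonces on INVITE challenges")
```

A single challenge followed by success, or one extra challenge after a stale nonce, stays under the threshold; only a dialog that keeps receiving new nonces is reported.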