List: full-disclosure
Subject: [FD] asterisk release 20.5.1
From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2023-12-14 20:02:51
Message-ID: dcb3b52e-94d6-bf04-bc0e-f5f97c2f4b26 () sangoma ! com
The Asterisk Development Team would like to announce security release
Asterisk 20.5.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.5.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f)
- [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq)
- [PJSIP logging allows attacker to inject fake Asterisk log entries](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7)
- [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh)
Change Log for Release asterisk-20.5.1
========================================
Links:
----------------------------------------
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.5.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.5.0...20.5.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.5.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
Summary:
----------------------------------------
- res_pjsip_header_funcs: Duplicate new header value, don't copy.
- res_pjsip: disable raw bad packet logging
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.
User Notes:
----------------------------------------
Upgrade Notes:
----------------------------------------
Closed Issues:
----------------------------------------
None
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/