oss-sec mailing list archives

asterisk security releases 18.23.1, 20.8.1, & 21.3.1


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 21 May 2024 09:26:01 -0700

All three releases address
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
"res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests"
"ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server."
"Impact: Unauthorized access/calls"

-------- Forwarded Message --------
Subject: [FD] asterisk release 18.23.1
Date: Fri, 17 May 2024 16:46:28 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists org>
Reply-To: no-reply () sangoma com
To: asterisk-dev () groups io, voipsec () voipsa org, fulldisclosure () seclists org, asterisk+news () discoursemail com
CC: Asterisk Development Team <asteriskteamsa () sangoma com>

The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1


## Change Log for Release asterisk-18.23.1

### Links:

 - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.23.1.md)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.23.0...18.23.1)
 - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.23.1.tar.gz)
 - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests

### User Notes:


### Upgrade Notes:


### Commit Authors:

- George Joseph: (1)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

-------- Forwarded Message --------
Subject: [FD] asterisk release 20.8.1
Date: Fri, 17 May 2024 16:50:51 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists org>
Reply-To: no-reply () sangoma com
To: asterisk-dev () groups io, voipsec () voipsa org, fulldisclosure () seclists org, asterisk+news () discoursemail com
CC: Asterisk Development Team <asteriskteamsa () sangoma com>


The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1


## Change Log for Release asterisk-20.8.1

### Links:

 - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.8.1.md)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.8.0...20.8.1)
 - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.8.1.tar.gz)
 - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests

### User Notes:


### Upgrade Notes:


### Commit Authors:

- George Joseph: (1)


-------- Forwarded Message --------
Subject: [FD] asterisk release 21.3.1
Date: Fri, 17 May 2024 16:50:04 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure () seclists org>
Reply-To: no-reply () sangoma com
To: asterisk-dev () groups io, voipsec () voipsa org, fulldisclosure () seclists org, asterisk+news () discoursemail com
CC: Asterisk Development Team <asteriskteamsa () sangoma com>

The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk

Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1


## Change Log for Release asterisk-21.3.1

### Links:

 - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.3.1.md)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.3.0...21.3.1)
 - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.3.1.tar.gz)
 - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests

### User Notes:


### Upgrade Notes:


### Commit Authors:

- George Joseph: (1)