[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ceb67382-6a84-4e9a-9d02-23444d39b23e@oracle.com>
Date: Tue, 21 May 2024 09:26:01 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: asterisk security releases 18.23.1, 20.8.1, & 21.3.1
All three releases address
https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9
"res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests"
"ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server."
"Impact: Unauthorized access/calls"
-------- Forwarded Message --------
Subject: [FD] asterisk release 18.23.1
Date: Fri, 17 May 2024 16:46:28 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure@...lists.org>
Reply-To: no-reply@...goma.com
To: asterisk-dev@...ups.io, voipsec@...psa.org, fulldisclosure@...lists.org, asterisk+news@...coursemail.com
CC: Asterisk Development Team <asteriskteamsa@...goma.com>
The Asterisk Development Team would like to announce security release
Asterisk 18.23.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.23.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.23.1
## Change Log for Release asterisk-18.23.1
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.23.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.23.0...18.23.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.23.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (1)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
-------- Forwarded Message --------
Subject: [FD] asterisk release 20.8.1
Date: Fri, 17 May 2024 16:50:51 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure@...lists.org>
Reply-To: no-reply@...goma.com
To: asterisk-dev@...ups.io, voipsec@...psa.org, fulldisclosure@...lists.org, asterisk+news@...coursemail.com
CC: Asterisk Development Team <asteriskteamsa@...goma.com>
The Asterisk Development Team would like to announce security release
Asterisk 20.8.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.8.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.8.1
## Change Log for Release asterisk-20.8.1
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.8.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.8.0...20.8.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.8.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (1)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
-------- Forwarded Message --------
Subject: [FD] asterisk release 21.3.1
Date: Fri, 17 May 2024 16:50:04 +0000
From: Asterisk Development Team via Fulldisclosure <fulldisclosure@...lists.org>
Reply-To: no-reply@...goma.com
To: asterisk-dev@...ups.io, voipsec@...psa.org, fulldisclosure@...lists.org, asterisk+news@...coursemail.com
CC: Asterisk Development Team <asteriskteamsa@...goma.com>
The Asterisk Development Team would like to announce security release
Asterisk 21.3.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.3.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.3.1
## Change Log for Release asterisk-21.3.1
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.3.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.3.0...21.3.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.3.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (1)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
