The Asterisk Development Team has announced security releases for Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of these versions resolves the following security vulnerabilities:
* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
If a compound RTCP packet is received containing more than
one report (for example a Receiver Report and a Sender
Report) the RTCP stack will incorrectly store report
information outside of allocated memory potentially causing
For a full list of changes in the current releases, please see the ChangeLogs:
The security advisories are available at:
Thank you for your continued support of Asterisk!