Asterisk Release 18.20.1

The Asterisk Development Team would like to announce the security release of
Asterisk 18.20.1.

The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.20.1
and https://downloads.asterisk.org/pub/telephony/asterisk

The following security advisories were resolved in this release:
- [Path traversal via AMI GetConfig allows access to outside files](https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f)
- [Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation](https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq)
- [PJSIP logging allows attacker to inject fake Asterisk log entries](https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7)
- [PJSIP_HEADER dialplan function can overwrite memory/cause crash when using ‘update’](https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh)

Change Log for Release asterisk-18.20.1
========================================

Links:
----------------------------------------

- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.20.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.20.0...18.20.1)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.20.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)

Summary:
----------------------------------------

- res_pjsip_header_funcs: Duplicate new header value, don’t copy.
- res_pjsip: disable raw bad packet logging
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.

User Notes:
----------------------------------------

Upgrade Notes:
----------------------------------------

Closed Issues:
----------------------------------------

None