Certified Asterisk Security Release certified-18.9-cert17
Asterisk团队发布了安全更新版本18.9-cert17,修复了一个可能导致资源耗尽的远程拒绝服务漏洞。该漏洞涉及RTP UDP端口和内部资源泄漏问题。 2025-9-8 22:6:6 Author: seclists.org(查看原文) 阅读量:7 收藏
Asterisk团队发布了安全更新版本18.9-cert17,修复了一个可能导致资源耗尽的远程拒绝服务漏洞。该漏洞涉及RTP UDP端口和内部资源泄漏问题。 2025-9-8 22:6:6 Author: seclists.org(查看原文) 阅读量:7 收藏
Full Disclosure mailing list archives
From: George Joseph via Fulldisclosure <fulldisclosure () seclists org>
Date: Thu, 28 Aug 2025 15:33:49 +0000
The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert17. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert17 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert17 ## Change Log for Release asterisk-certified-18.9-cert17 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-18.9-cert17.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-18.9-cert16...certified-18.9-cert17) - [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-18.9-cert17.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-557q-795j-wfx2](https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2): Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources ### User Notes: ### Upgrade Notes: ### Developer Notes: ### Commit Authors: - George Joseph: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-557q-795j-wfx2: Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources ### Commits By Author: - #### George Joseph (1): - pjproject: Update bundled to 2.15.1. ### Commit List: - pjproject: Update bundled to 2.15.1. ### Commit Details: #### pjproject: Update bundled to 2.15.1. Author: George Joseph Date: 2025-08-25 This resolves a security issue where RTP ports weren't being released causing possible resource exhaustion issues. Resolves: #GHSA-557q-795j-wfx2 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- Certified Asterisk Security Release certified-18.9-cert17 George Joseph via Fulldisclosure (Sep 08)
文章来源: https://seclists.org/fulldisclosure/2025/Sep/4
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh