| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <01000198f1302534-8286bf0b-a7d2-4a65-aaad-b3f13635abeb-000000@email.amazonses.com> Date: Thu, 28 Aug 2025 14:58:41 +0000 From: Asterisk Development Team via Fulldisclosure <fulldisclosure@...lists.org> To: asterisk-dev@...ups.io, fulldisclosure@...lists.org, asterisk+news@...coursemail.com Cc: Asterisk Development Team <asteriskteam@...goma.com> Subject: [FD] Asterisk Security Release 18.26.4 The Asterisk Development Team would like to announce security release Asterisk 18.26.4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.4 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.4 ## Change Log for Release asterisk-18.26.4 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.4.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.26.3...18.26.4) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.4.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-557q-795j-wfx2](https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2): Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources ### User Notes: ### Upgrade Notes: ### Developer Notes: ### Commit Authors: - George Joseph: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-557q-795j-wfx2: Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources ### Commits By Author: - #### George Joseph (1): - pjproject: Update bundled to 2.15.1. ### Commit List: - pjproject: Update bundled to 2.15.1. ### Commit Details: #### pjproject: Update bundled to 2.15.1. Author: George Joseph Date: 2025-08-25 This resolves a security issue where RTP ports weren't being released causing possible resource exhaustion issues. Resolves: #GHSA-557q-795j-wfx2 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists