Fedora 42 Asterisk 18.26.4 Important Buffer Overflow DoS CVE-2024-42365

fedora
April 30, 2026
Update to Asterisk 18.26.4 resolves multiple security threats to enhance system integrity and performance.

Summary

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

Update Information:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

- CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
- CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
- CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
- CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
- CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
- CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
- CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
- CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
- CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
- CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
- CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
- CVE-2025-1131 (fixed in 18.26...

Change Log

* Fri Apr 10 2026 Peter Lemenkov - 18.26.4-1
- Update to upstream 18.26.4 release.
* Fri Jan 23 2026 Benjamin A. Beasley - 18.12.1-1.18
- Rebuilt for net-snmp 5.9.5.2
* Fri Jan 16 2026 Fedora Release Engineering - 18.12.1-1.17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering - 18.12.1-1.16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Wed Jul 23 2025 Fedora Release Engineering - 18.12.1-1.15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 18.12.1-1.14
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sat Feb 1 2025 Björn Esser - 18.12.1-1.13
- Add explicit BR: libxcrypt-devel

References


[ 1 ] Bug #2076245 - CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 asterisk: multiple vulnerabilities [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2076245
[ 2 ] Bug #2150945 - CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2150945
[ 3 ] Bug #2150951 - CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2150951
[ 4 ] Bug #2254627 - TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2254627
[ 5 ] Bug #2254632 - TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2254632
[ 6 ] Bug #2254635 - TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol trigge...

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-98decbde87' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: important

Name: asterisk
Product: Fedora 42
Version: 18.26.4
Release: 1.fc42
Summary: The Open Source PBX
