
Fedora 44 Asterisk Essential Security Updates for FEDORA-2026-38d71393c1

April 30, 2026
This advisory addresses critical security issues in Asterisk on Fedora 44 by updating the package to Asterisk 18.26.4, which fixes numerous security vulnerabilities accumulated since the long-stale 18.12.1 package.

Summary

Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

Update Information:

Update to Asterisk 18.26.4, addressing numerous security vulnerabilities accumulated since the long-stale 18.12.1 package. The following CVEs are fixed in this update:

- CVE-2022-26498 (fixed in 18.13.0): use-after-free in chan_ooh323
- CVE-2022-42705 (fixed in 18.15.0): use-after-free in res_pjsip_pubsub
- CVE-2022-37325 (fixed in 18.15.1): crash in H323 channel via malformed IE
- CVE-2023-37457 (fixed in 18.20.0): buffer overflow in PJSIP_HEADER function
- CVE-2023-49294 (fixed in 18.20.1): arbitrary file read via AMI GetConfig
- CVE-2023-49786 (fixed in 18.20.1): DTLS race condition causing DoS
- CVE-2024-35190 (fixed in 18.23.1): unauthorized SIP requests matched as endpoint
- CVE-2024-42365 (fixed in 18.24.2): Write=originate allows code execution
- CVE-2024-42491 (fixed in 18.25.0): crash via malformed Contact/Record-Route URI
- CVE-2025-49832 (fixed in 18.26.3): DoS/RCE in res_stir_shaken
- CVE-2025-47779 (fixed in 18.26.2): identity forging via malformed From header
- CVE-2025-1131 (...

Change Log

* Fri Apr 10 2026 Peter Lemenkov - 18.26.4-1
- Update to upstream 18.26.4 release.

* Fri Jan 23 2026 Benjamin A. Beasley - 18.12.1-1.18
- Rebuilt for net-snmp 5.9.5.2

References


[1] Bug #2076245 - CVE-2022-26498 CVE-2022-26499 CVE-2022-26651 asterisk: multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2076245

[2] Bug #2150945 - CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2150945

[3] Bug #2150951 - CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2150951

[4] Bug #2254627 - TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254627

[5] Bug #2254632 - TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2254632

[6] Bug #2254635 - TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS proto...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-38d71393c1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
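
To confirm on a host that the upgrade actually closed the listed issues, the following added example (not part of the Fedora advisory) compares a version string against the fixed-in versions quoted under Update Information. It assumes `rpm` and a `sort` that supports `-V`; the table covers only the CVEs visible in the truncated list, and the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (not part of the advisory). CVE / fixed-in pairs are copied
# from the advisory's list; that list is truncated, so this table is incomplete.
FIXES='CVE-2022-26498 18.13.0
CVE-2022-42705 18.15.0
CVE-2022-37325 18.15.1
CVE-2023-37457 18.20.0
CVE-2023-49294 18.20.1
CVE-2023-49786 18.20.1
CVE-2024-35190 18.23.1
CVE-2024-42365 18.24.2
CVE-2024-42491 18.25.0
CVE-2025-49832 18.26.3
CVE-2025-47779 18.26.2'

# version_lt A B: succeeds when A sorts strictly before B.
# Assumes a sort with -V (GNU coreutils or busybox).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unfixed_cves VERSION: print listed CVEs whose fix is newer than VERSION.
unfixed_cves() {
    printf '%s\n' "$FIXES" | while read -r cve fixed; do
        if version_lt "$1" "$fixed"; then printf '%s\n' "$cve"; fi
    done
}

# installed_version: upstream version of the asterisk RPM, empty if absent.
installed_version() {
    if v=$(rpm -q --qf '%{VERSION}' asterisk 2>/dev/null); then
        printf '%s\n' "$v"
    fi
}

# Run as: sh check-asterisk.sh --check   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    v=$(installed_version)
    if [ -z "$v" ]; then echo "asterisk is not installed"; exit 0; fi
    open=$(unfixed_cves "$v")
    if [ -z "$open" ]; then
        echo "asterisk $v: all listed CVEs are fixed"
    else
        echo "asterisk $v is missing fixes for:"; echo "$open"; exit 1
    fi
fi
```

With `--check` the script exits non-zero when the installed package predates any listed fix, so it can gate a configuration-management run or a fleet audit.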

Severity: important

Name: asterisk
Product: Fedora 44
Version: 18.26.4
Release: 1.fc44
Summary: The Open Source PBX
