ASTERWEB Blog

18Mar/110

Asterisk: Rilasciate le Security Releases 1.6.1.24, 1.6.2.17.2 e 1.8.3.2

logoasterisk

Il giorno 17 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  1.6.1.24, 1.6.2.17.2 e 1.8.3.2 (Security Releases)

Dal post originale:

This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk: Rilasciate le Security Releases 1.6.1.23, 1.6.2.17.1 e 1.8.3.1

logoasterisk

Il giorno 17 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  1.6.1.23, 1.6.2.17.1 e 1.8.3.1 (Security Releases)

Dal post originale:

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk sicurezza – AST-2011-004: Remote crash vulnerability in TCP/TLS server

logoasterisk

Questo il link per scaricare il documento in PDF:

http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk sicurezza – AST-2011-003: Resource exhaustion in Asterisk Manager Interface

logoasterisk

Questo il link per scaricare il documento in PDF:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf

4Mar/110

Rilasciata 2.4.1 di DAHDI-Linux e DAHDI-Tools

logoasterisk

Il giorno 3 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione 2.4.1 di DAHDI-Linux e DAHDI-Tools.

Dal post originale:

2.4.1 is a maintenance release of the DAHDI drivers and tools packages. Some of the more notable changes are:

  • Support for compilation against kernel versions from 2.6.9 up to and including 2.6.38-rc6.
  • wct4xxp: PCI-express cards go through an extended reset at start by default.
  • wcte12xp, wctdm24xxp: Disable read-line multiple PCI command, which increases compatibility in some systems.
  • xpp: Fixes init error for PRI devices with < 4 ports.
  • tonezone: Add Macao, China to tone zone data.
  • dahdi_genconf: Don't generate configurations that use channel 16 on E1 CAS.

For a full list of changes in these releases, please see the ChangeLogs at http://svn.asterisk.org/svn/dahdi/linux/tags/2.4.1/ChangeLog and http://svn.asterisk.org/svn/dahdi/tools/tags/2.4.1/ChangeLog

Issues found in these release candidates can be reported in the DAHDI-linux or DAHDI-tools project at https://issues.asterisk.org

Inserito in: Asterisk Nessun commento
1Mar/110

Rilasciato Asterisk 1.8.4-rc2

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4-rc2

Dal post originale:

The release of Asterisk 1.8.4-rc2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

  • Resolution of several DTMF based attended transfer issues.
    (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchuan, grecco. Patched by rmudgett)
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve deadlocks related to device states in chan_sip
    (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
  • Resolve an issue with the Asterisk manager interface leaking memory when
    disabled.
    (Reported internally by kmorgan. Patched by russellb)
  • Support greetingsfolder as documented in voicemail.conf.sample.
    (Closes issue #17870. Reported by edhorton. Patched by seanbright)
  • Fix channel redirect out of MeetMe() and other issues with channel softhangup
    (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
    Patched by russellb)
  • Fix voicemail sequencing for file based storage.
    (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
    jpeeler)
  • Set hangup cause in local_hangup so the proper return code of 486 instead of
    503 when using Local channels when the far sides returns a busy. Also affects
    CCSS in Asterisk 1.8+.
    (Patched by twilson)
  • Fix issues with verbose messages not being output to the console.
    (Closes issue #18580. Reported by pabelanger. Patched by qwell)

Asterisk 1.8.4-rc1 was not released due to a blocking issue found prior to
release. An additional fix was merged into Asterisk 1.8.4-rc2:

  • Fix Deadlock with attended transfer of SIP call
    (Closes issue #18837. Reported, patched by alecdavis. Tested by
    alecdavid, Irontec, ZX81, cmaj)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4-rc2


1Mar/110

Rilasciato Asterisk 1.6.2.18-rc1

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.18-rc1

Dal post originale:

The following is a sample of the issues resolved in this release candidate:

  • Only offer codecs both sides support for directmedia.
    (Closes issue #17403. Reported, patched by one47)
  • Resolution of several DTMF based attended transfer issues.
    (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchuan, grecco. Patched by rmudgett)
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve deadlocks related to device states in chan_sip
    (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
  • Fix channel redirect out of MeetMe() and other issues with channel softhangup
    (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
    Patched by russellb)
  • Fix voicemail sequencing for file based storage.
    (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
    jpeeler)
  • Guard against retransmitting BYEs indefinitely during attended transfers with
    chan_sip.
    (Review: https://reviewboard.asterisk.org/r/1077/)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18-rc1

1Mar/110

Rilasciato Asterisk 1.4.41-rc1

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.4.41-rc1

Dal post originale:

The following is a sample of the issues resolved in this release candidate:

  • Only offer codecs both sides support for directmedia.
    (Closes issue #17403. Reported, patched by one47)
  • Resolution of several DTMF based attended transfer issues.
    (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchuan, grecco. Patched by rmudgett)
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Fix channel redirect out of MeetMe() and other issues with channel softhangup
    (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
    Patched by russellb)
  • Fix voicemail sequencing for file based storage.
    (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
    jpeeler)
  • Guard against retransmitting BYEs indefinitely during attended transfers with
    chan_sip.
    (Review: https://reviewboard.asterisk.org/r/1077/)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.41-rc1

Inserito in: Asterisk Nessun commento
1Mar/110

Rilasciato Asterisk 1.8.3

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.3

Dal post originale:

The following is a sample of the issues resolved in this release:

  • Resolve duplicated data in the AstDB when using DIALGROUP()
    (Closes issue #18091. Reported by bunny. Patched by tilghman)
  • Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses.
    (Closes issue #18464. Reported, patched by IgorG)
  • Reworking parsing of mwi => lines to resolve a segfault. Also add a set of
    unit tests for the function that does the parsing.
    (Closes issue #18350. Reported by gbour. Patched by Marquis)
  • When using cdr_pgsql the billsec field was not populated correctly on
    unanswered calls.
    (Closes issue #18406. Reported by joscas. Patched by tilghman)
  • Resolve memory leak in iCalendar and Exchange calendaring modules.
    (Closes issue #18521. Reported, patched by pitel. Tested by cervajs)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)
  • Resolve issue where no Music On Hold may be triggered when using
    res_timing_dahdi.
    (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
    by francesco_r, rfrantik, one47)
  • Resolve a memory leak when the Asterisk Manager Interface is disabled.
    (Reported internally by kmorgan. Patched by russellb)
  • Reimplemented fax session reservation to reverse the ABI breakage introduced
    in r297486.
    (Reported internally. Patched by mnicholson)
  • Fix regression that changed behavior of queues when ringing a queue member.
    (Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
  • Resolve deadlock involving REFER.
    (Closes issue #18403. Reported, tested by jthurman. Patched by jpeeler.)

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3

1Mar/110

Rilasciato Asterisk 1.6.2.17

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.17

Dal post originale:

The following is a sample of the issues resolved in this release:

  • Resolve duplicated data in the AstDB when using DIALGROUP()
    (Closes issue #18091. Reported by bunny. Patched by tilghman)
  • Correct issue where res_config_odbc could populate fields with invalid data.
    (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
    jthurman, elguero, zerohalo. Patched by tilghman)
  • When using cdr_pgsql the billsec field was not populated correctly on
    unanswered calls.
    (Closes issue #18406. Reported by joscas. Patched by tilghman)
  • Resolve issue where re-transmissions of SUBSCRIBE could break presence.
    (Closes issue #18075. Reported by mdu113. Patched by twilson)
  • Fix regression causing forwarding voicemails to not work with file storage.
    (Closes issue #18358. Reported by cabal95. Patched by jpeeler)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)
  • Resolve several issues with DTMF based attended transfers.
    (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchaun, grecco. Patched by rmudgett).
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve issue where no Music On Hold may be triggered when using
    res_timing_dahdi.
    (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
    by francesco_r, rfrantik, one47)
  • Fix regression that changed behavior of queues when ringing a queue member.
    (Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17

1Mar/110

Rilasciato Asterisk 1.4.40

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.4.40

Dal post originale:

The following is a sample of the issues resolved in this release:

  • Correct issue where res_config_odbc could populate fields with invalid data.
    (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
    jthurman, elguero, zerohalo. Patched by tilghman)
  • Resolve issue where re-transmissions of SUBSCRIBE could break presence.
    (Closes issue #18075. Reported by mdu113. Patched by twilson)
  • Resolve issue in res_odbc where it may crash when a query fails.
    (Closes issue #18243. Reported, patched by ks3)
  • Fix CPU spike when pressing DTMF after agent login.
    (Closes issue #18130. Reported by rgj. Patched by jpeeler)
  • Fix cross-compiling issue.
    (Closes issue #18301. Reported, patched by abelbeck)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)
  • Resolve several issues with DTMF based attended transfers.
    (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchaun, grecco. Patched by rmudgett).
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Fix regression that changed behavior of queues when ringing a queue member.
    (Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40


Inserito in: Asterisk Nessun commento