ASTERWEB Blog

15Dic/110

Rilasciato Asterisk 10.0.0-rc3

Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.0.0-rc3

Dal post originale:
The Asterisk Development Team has announced the third release candidate of
Asterisk 10.0.0. This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 10.0.0-rc3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Add ASTSBINDIR to the list of configurable paths
This patch also makes astdb2sqlite3 and astcanary use the configured
directory instead of relying on $PATH.

Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.

Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.

Fix a change in behavior in 'database show' from 1.8.
In 1.8 and previous versions, one could use any fullword portion of
the key name, including the full key, to obtain the record. Until this
patch, this did not work for the full key.

Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.

In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.

Fixed SendMessage stripping extension from To: header in SIP MESSAGE
When using the MessageSend application to send a SIP MESSAGE to a
non-peer, chan_sip stripped off the extension and failed to add it back
to the sip_pvt structure before transmitting. This patch adds the full
URI passed in from the message core to the sip_pvt structure.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.0.0-rc3

Inserito in: Asterisk Nessun commento
15Dic/110

Rilasciato Asterisk 1.8.8.0-rc5

Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.8.0-rc5

Dal post originale:
he release of Asterisk 1.8.8.0-rc5 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.

Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.

Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.

In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc5

Inserito in: Asterisk Nessun commento
15Dic/110

Rilasciati Asterisk (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2

Il giorno 12 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2

Dal post originale:
hese releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue
with possible remote enumeration of SIP endpoints with differing NAT settings.

The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
possibility with SIP when the "automon" feature is enabled.

The issues and resolutions are described in the AST-2011-013 and AST-2011-014
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-013 and AST-2011-014, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-013 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
Security advisory AST-2011-014 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-014.pdf