ASTERWEB Blog

30 Jun 2011

Asterisk 1.4.41.2, 1.6.2.18.2 and 1.8.4.4 Released (Security Release)

On June 28, the Asterisk Development Team announced the release of Asterisk 1.4.41.2, 1.6.2.18.2 and 1.8.4.4 (Security Release).

From the original post:
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
following issue:

AST-2011-011: Asterisk may respond differently to SIP requests from an
invalid SIP user than it does to a user configured on the system, even when the
alwaysauthreject option is set in the configuration. This can leak information
about what SIP users are valid on the Asterisk system.

For more information about the details of this vulnerability, please read
the security advisory AST-2011-011, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-011 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-011.pdf

27 Jun 2011

Asterisk 1.6.2.19-rc1 Released

On June 24, the Asterisk Development Team announced the release of Asterisk 1.6.2.19-rc1.

From the original post:
Please note that Asterisk 1.6.2.19 will be the final maintenance release from the
1.6.2 branch. Support for security related issues will continue for one
additional year. For more information about support of the various Asterisk
branches, see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

The release of Asterisk 1.6.2.19-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

* Don't broadcast FullyBooted to every AMI connection
  The FullyBooted event should not be sent to every AMI connection
  every time someone connects via AMI. It should only be sent to
  the user who just connected.
  (Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
  (Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
  Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
  (Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
  globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashes in local_fixup()
  Thanks OEJ for tracking down the issue and submitting the patch.
  (Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
  (Closes issue #19195. Reported, patched by one47)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19-rc1

27 Jun 2011

New Asterisk Versions Released: 1.8.4.3, 1.6.2.18.1 and 1.4.41.1

On June 23, the Asterisk Development Team announced the release of Asterisk 1.8.4.3, 1.6.2.18.1 and 1.4.41.1.

From the original post:
The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues
as outlined below:

AST-2011-008: If a remote user sends a SIP packet containing a null,
Asterisk assumes available data extends past the null to the
end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past
the end of the buffer altering unrelated memory structures.
This vulnerability does not affect TCP/TLS connections.
-- Resolved in 1.6.2.18.1 and 1.8.4.3

AST-2011-009: A remote user sending a SIP packet containing a Contact header
with a missing left angle bracket (<) causes Asterisk to access a null pointer.
-- Resolved in 1.8.4.3

AST-2011-010: A memory address was inadvertently transmitted over the network
via IAX2 via an option control frame and the remote party would try to access it.
-- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3

The issues and resolutions are described in the AST-2011-008, AST-2011-009, and
AST-2011-010 security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
http://downloads.asterisk.org/pub/security/AST-2011-010.pdf

4 Jun 2011

Asterisk 1.8.4.2 Released (Security Release)

On June 2, the Asterisk Development Team announced the release of Asterisk 1.8.4.2.

From the original post:
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing which
can lead to a remotely exploitable crash:

Remote Crash Vulnerability in SIP channel driver (AST-2011-007)

The issue and resolution is described in the AST-2011-007 security
advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-007, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-007 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-007.pdf

25 May 2011

Asterisk 1.8.4.1 Released

On May 24, the Asterisk Development Team announced the release of Asterisk 1.8.4.1.

From the original post:
The release of Asterisk 1.8.4.1 resolves several issues reported by the
community. Without your help this release would not have been possible.
Thank you!

Below is a list of issues resolved in this release:

* Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
  (Closes issue #18951. Reported by jmls. Patched by wdoekes)
* Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
  This issue was found and reported by the Asterisk test suite.
  (Closes issue #18951. Patched by mnicholson)
* Resolve potential crash when using SIP TLS support.
  (Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by
  vois, Chainsaw)
* Improve reliability when using SIP TLS.
  (Closes issue #19182. Reported by st. Patched by mnicholson)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1

6 May 2011

Asterisk 1.8.4-rc3 Released

On April 26, the Asterisk Development Team announced the release of Asterisk 1.8.4-rc3.

From the original post:
The release of Asterisk 1.8.4-rc3 resolves a couple of issues since the last
release candidate, including two security related issues (AST-2011-005 and
AST-2011-006).

* Use SSLv23_client_method instead of old SSLv2 only.
  (Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by russell
  and chazzam.)
* Resolve crash in ast_mutex_init()
  (Patched by twilson)
* Includes changes per AST-2011-005 and AST-2011-006

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4-rc3

Information about the security releases is available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

6 May 2011

Asterisk 1.6.2.18 Released

On April 26, the Asterisk Development Team announced the release of Asterisk 1.6.2.18.

From the original post:
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Only offer codecs both sides support for directmedia.
  (Closes issue #17403. Reported, patched by one47)
* Resolution of several DTMF based attended transfer issues.
  (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
  shihchuan, grecco. Patched by rmudgett)
  NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
  (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
  (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
  Patched by russellb)
* Fix voicemail sequencing for file based storage.
  (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
  jpeeler)
* Guard against retransmitting BYEs indefinitely during attended transfers with
  chan_sip.
  (Review: https://reviewboard.asterisk.org/r/1077/)

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18

6 May 2011

Asterisk 1.4.41 Released

On April 26, the Asterisk Development Team announced the release of Asterisk 1.4.41.

From the original post:
The release of Asterisk 1.4.41 resolves several issues reported by the community
and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Only offer codecs both sides support for directmedia.
  (Closes issue #17403. Reported, patched by one47)
* Resolution of several DTMF based attended transfer issues.
  (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
  shihchuan, grecco. Patched by rmudgett)
  NOTE: Be sure to read the ChangeLog for more information about these changes.
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
  (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
  Patched by russellb)
* Fix voicemail sequencing for file based storage.
  (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
  jpeeler)
* Guard against retransmitting BYEs indefinitely during attended transfers with
  chan_sip.
  (Review: https://reviewboard.asterisk.org/r/1077/)

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

After the initial release of AST-2011-006, a regression was found and then
resolved. This release contains the correct change.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.41

22 Apr 2011

New Asterisk Security Releases: 1.4.40.1, 1.6.1.25, 1.6.2.17.3 and 1.8.3.3

On April 21, the Asterisk Development Team announced the release of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3 and 1.8.3.3 (Security Releases).

From the original post:
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

13 Apr 2011

New Asterisk 1.8 Course

The time is right!!!

Yes, now is the right time to learn to "use" the new Asterisk 1.8 properly.

This new version is rich in innovative features; in the course, we will examine the real needs of a company and build the Asterisk system taking into account any systems already present in the company, such as a collaboration suite like Exchange, Zimbra or Google Calendar, and the possibility of integrating them with the new features made available by the new version.

If you would like additional information or want to book the course already, feel free to contact us. Tel. 0239198381 E-mail: info@asterweb.org

Regards

13 Apr 2011

DAHDI-Linux 2.4.1.2 Released

On April 12, the Asterisk Development Team announced the release of version 2.4.1.2 of DAHDI-Linux and DAHDI-Tools.

From the original post:
2.4.1.2 is a maintenance release that resolves a conflict with RHEL 5.6. RHEL 5.6 backported the definition of dev_name from kernel 2.6.26. DAHDI also had this definition backported. The result was that DAHDI would fail to compile. The issue was originally reported in [1].

[1] https://issues.asterisk.org/view.php?id=18992

18 Mar 2011

Asterisk: Security Releases 1.6.1.24, 1.6.2.17.2 and 1.8.3.2 Released

On March 17, the Asterisk Development Team announced the release of Asterisk 1.6.1.24, 1.6.2.17.2 and 1.8.3.2 (Security Releases).

From the original post:

This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17 Mar 2011

Asterisk: Security Releases 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 Released

On March 17, the Asterisk Development Team announced the release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 (Security Releases).

From the original post:

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17 Mar 2011

Asterisk security – AST-2011-004: Remote crash vulnerability in TCP/TLS server

This is the link to download the document as a PDF:

http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17 Mar 2011

Asterisk security – AST-2011-003: Resource exhaustion in Asterisk Manager Interface

This is the link to download the document as a PDF:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf