ASTERWEB Blog

4Giu/110

Rilasciato Asterisk 1.8.4.2 (security release)

logoasterisk

Il giorno 2 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4.2

Dal post originale:
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing which
can lead to a remotely exploitable crash:

Remote Crash Vulnerability in SIP channel driver (AST-2011-007)

The issue and resolution is described in the AST-2011-007 security
advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-007, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-007 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-007.pdf

25Mag/110

Rilasciato Asterisk 1.8.4.1

logoasterisk

Il giorno 24 maggio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4.1

Dal post originale:
The release of Asterisk 1.8.4.1 resolves several issues reported by the
community. Without your help this release would not have been possible.
Thank you!

Below is a list of issues resolved in this release:

Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
(Closes issue #18951. Reported by jmls. Patched by wdoekes)
Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
This issue was found and reported by the Asterisk test suite.
(Closes issue #18951. Patched by mnicholson)
Resolve potential crash when using SIP TLS support.
(Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by
vois, Chainsaw)
Improve reliability when using SIP TLS.
(Closes issue #19182. Reported by st. Patched by mnicholson)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1

Inserito in: Asterisk Nessun commento
6Mag/110

Rilasciato Asterisk 1.8.4-rc3

logoasterisk

Il giorno 26 aprile, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4-rc3

Dal post originale:
The release of Asterisk 1.8.4-rc3 resolves a couple of issues since the last
release candidate, including two security related issues (AST-2011-005 and
AST-2011-006).

Use SSLv23_client_method instead of old SSLv2 only.
(Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by russell
and chazzam.
Resolve crash in ast_mutex_init()
(Patched by twilson)
Includes changes per AST-2011-005 and AST-2011-006

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4-rc3

Information about the security releases are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

6Mag/110

Rilasciato Asterisk 1.6.2.18

logoasterisk

Il giorno 26 aprile, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.18

Dal post originale:
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

Only offer codecs both sides support for directmedia.
(Closes issue #17403. Reported, patched by one47)
Resolution of several DTMF based attended transfer issues.
(Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
shihchuan, grecco. Patched by rmudgett)
NOTE: Be sure to read the ChangeLog for more information about these changes.
Resolve deadlocks related to device states in chan_sip
(Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
Fix channel redirect out of MeetMe() and other issues with channel softhangup
(Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
Patched by russellb)
Fix voicemail sequencing for file based storage.
(Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
jpeeler)
Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
(Review: https://reviewboard.asterisk.org/r/1077/)

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18

6Mag/110

Rilasciato Asterisk 1.4.41

logoasterisk

Il giorno 26 aprile, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.4.41

Dal post originale:
The release of Asterisk 1.4.41 resolves several issues reported by the community
and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

Only offer codecs both sides support for directmedia.
(Closes issue #17403. Reported, patched by one47)
Resolution of several DTMF based attended transfer issues.
(Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
shihchuan, grecco. Patched by rmudgett)
NOTE: Be sure to read the ChangeLog for more information about these changes.
Fix channel redirect out of MeetMe() and other issues with channel softhangup
(Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
Patched by russellb)
Fix voicemail sequencing for file based storage.
(Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
jpeeler)
Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
(Review: https://reviewboard.asterisk.org/r/1077/)

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

After the initial release of AST-2011-006, a regression was found and then
resolved. This release contains the correct change.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.41

22Apr/110

Nuove Security Release di Asterisk: 1.4.40.1, 1.6.1.25, 1.6.2.17.3 e 1.8.3.3

logoasterisk

Il giorno 21 aprile, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3 e 1.8.3.3 (Security Releases)

Dal post originale:
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

13Apr/110

Nuovo corso Asterisk 1.8

E' il momento giusto !!!

Si, è il momento giusto per imparare ad "usare", come si deve, il nuovo Asterisk 1.8.

Questa nuova versione è ricca di innovative funzionalità; nel corso, esamineremo le reali necessità di un'azienda e costruiremo il sistema asterisk tenendo conto di eventuali sistemi presenti nell'azienda, quali potrebbero essere una collaboration suite tipo Exchange, Zimbra, Google calendar e la possibilità di integrare gli stessi con le nuove funzionalità messe a disposizione dalla nuova versione.

Se volete info aggiuntive o fare la già la prenotazione per il corso, contattateci pure. Tel. 0239198381 E-mail: info@asterweb.org

Saluti

13Apr/110

Rilasciata versione DAHDI-Linux 2.4.1.2

logoasterisk

Il giorno 12 aprile, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione 2.4.1.2 di DAHDI-Linux e DAHDI-Tools.

Dal post originale:
2.4.1.2 is a maintenance release that resolves a conflict with RHEL 5.6. RHEL 5.6 backported the definition of dev_name from kernel 2.6.26. DAHDI also had this definition backported. The result was that DAHDI would fail to compile. The issue was originally reported in [1].

[1] https://issues.asterisk.org/view.php?id=18992

Inserito in: Asterisk Nessun commento
18Mar/110

Asterisk: Rilasciate le Security Releases 1.6.1.24, 1.6.2.17.2 e 1.8.3.2

logoasterisk

Il giorno 17 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  1.6.1.24, 1.6.2.17.2 e 1.8.3.2 (Security Releases)

Dal post originale:

This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk: Rilasciate le Security Releases 1.6.1.23, 1.6.2.17.1 e 1.8.3.1

logoasterisk

Il giorno 17 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  1.6.1.23, 1.6.2.17.1 e 1.8.3.1 (Security Releases)

Dal post originale:

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  • Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  • Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk sicurezza – AST-2011-004: Remote crash vulnerability in TCP/TLS server

logoasterisk

Questo il link per scaricare il documento in PDF:

http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

17Mar/110

Asterisk sicurezza – AST-2011-003: Resource exhaustion in Asterisk Manager Interface

logoasterisk

Questo il link per scaricare il documento in PDF:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf

4Mar/110

Rilasciata 2.4.1 di DAHDI-Linux e DAHDI-Tools

logoasterisk

Il giorno 3 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione 2.4.1 di DAHDI-Linux e DAHDI-Tools.

Dal post originale:

2.4.1 is a maintenance release of the DAHDI drivers and tools packages. Some of the more notable changes are:

  • Support for compilation against kernel versions from 2.6.9 up to and including 2.6.38-rc6.
  • wct4xxp: PCI-express cards go through an extended reset at start by default.
  • wcte12xp, wctdm24xxp: Disable read-line multiple PCI command, which increases compatibility in some systems.
  • xpp: Fixes init error for PRI devices with < 4 ports.
  • tonezone: Add Macao, China to tone zone data.
  • dahdi_genconf: Don't generate configurations that use channel 16 on E1 CAS.

For a full list of changes in these releases, please see the ChangeLogs at http://svn.asterisk.org/svn/dahdi/linux/tags/2.4.1/ChangeLog and http://svn.asterisk.org/svn/dahdi/tools/tags/2.4.1/ChangeLog

Issues found in these release candidates can be reported in the DAHDI-linux or DAHDI-tools project at https://issues.asterisk.org

Inserito in: Asterisk Nessun commento
1Mar/110

Rilasciato Asterisk 1.8.4-rc2

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4-rc2

Dal post originale:

The release of Asterisk 1.8.4-rc2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

  • Resolution of several DTMF based attended transfer issues.
    (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchuan, grecco. Patched by rmudgett)
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve deadlocks related to device states in chan_sip
    (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
  • Resolve an issue with the Asterisk manager interface leaking memory when
    disabled.
    (Reported internally by kmorgan. Patched by russellb)
  • Support greetingsfolder as documented in voicemail.conf.sample.
    (Closes issue #17870. Reported by edhorton. Patched by seanbright)
  • Fix channel redirect out of MeetMe() and other issues with channel softhangup
    (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
    Patched by russellb)
  • Fix voicemail sequencing for file based storage.
    (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
    jpeeler)
  • Set hangup cause in local_hangup so the proper return code of 486 instead of
    503 when using Local channels when the far sides returns a busy. Also affects
    CCSS in Asterisk 1.8+.
    (Patched by twilson)
  • Fix issues with verbose messages not being output to the console.
    (Closes issue #18580. Reported by pabelanger. Patched by qwell)

Asterisk 1.8.4-rc1 was not released due to a blocking issue found prior to
release. An additional fix was merged into Asterisk 1.8.4-rc2:

  • Fix Deadlock with attended transfer of SIP call
    (Closes issue #18837. Reported, patched by alecdavis. Tested by
    alecdavid, Irontec, ZX81, cmaj)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4-rc2


1Mar/110

Rilasciato Asterisk 1.6.2.18-rc1

logoasterisk

Il giorno 28 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.18-rc1

Dal post originale:

The following is a sample of the issues resolved in this release candidate:

  • Only offer codecs both sides support for directmedia.
    (Closes issue #17403. Reported, patched by one47)
  • Resolution of several DTMF based attended transfer issues.
    (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchuan, grecco. Patched by rmudgett)
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve deadlocks related to device states in chan_sip
    (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
  • Fix channel redirect out of MeetMe() and other issues with channel softhangup
    (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
    Patched by russellb)
  • Fix voicemail sequencing for file based storage.
    (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
    jpeeler)
  • Guard against retransmitting BYEs indefinitely during attended transfers with
    chan_sip.
    (Review: https://reviewboard.asterisk.org/r/1077/)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18-rc1