U radu programskog paketa Asterisk uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za DoS (eng. Denial of Service) napad.

---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-14538
2011-10-18 21:18:11
---------------------------------------------------------------------------=
-----

Name        : asterisk
Product     : Fedora 15
Version     : 1.8.7.1
Release     : 1.fc15
URL         : http://www.asterisk.org/
Summary     : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.

---------------------------------------------------------------------------=
-----
Update Information:

The Asterisk Development Team has announced a security release for Asterisk=
 1.8.
The available security release is released as version 1.8.7.1.

This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic=
h can
lead to a remotely exploitable crash:

   Remote Crash Vulnerability in SIP channel driver (AST-2011-012)

The issue and resolution is described in the AST-2011-012 security
advisory.

For more information about the details of this vulnerability, please read t=
he
security advisory AST-2011-012, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8=
.7.1

Security advisory AST-2011-012 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

---------------------------------------------------------------------------=
-----
ChangeLog:

* Mon Oct 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asteri=
sk 1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh=
ich can
- lead to a remotely exploitable crash:
-
-    Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read=
 the
- security advisory AST-2011-012, which was released at the same time as th=
is
- announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.7.1
* Mon Oct  3 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.7.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- Please note that a significant numbers of changes and fixes have gone into
- features.c in this release (call parking, built-in transfers, call pickup,
- etc.).
-
- NOTE:
-
- Recently, we were notified that the mechanism included in our Asterisk so=
urce
- code releases to download and build support for the iLBC codec had stopped
- working correctly; a little investigation revealed that this occurred bec=
ause of
- some changes on the ilbcfreeware.org website. These changes occurred as a=
 result
- of Google's acquisition of GIPS, who produced (and provided licenses for)=
 the
- iLBC codec.
-
- If you are a user of Asterisk and iLBC together, and you've already execu=
ted a
- license agreement with GIPS, we believe you can continue using iLBC with
- Asterisk. If you are a user of Asterisk and iLBC together, but you had not
- executed a license agreement with GIPS, we encourage you to research the
- situation and consult with your own legal representatives to determine wh=
at
- actions you may want to take (or avoid taking).
-
- More information is available on the Asterisk blog:
-
- http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googl=
es-acquisition-of-gips/
-
- The following is a sample of the issues resolved in this release:
-
- * Added the 'storesipcause' option to sip.conf to allow the user to disab=
le the
-  setting of HASH(SIP_CAUSE,) on the channel. Having chan_sip set
-  HASH(SIP_CAUSE,) on the channel carries a significant performance
-  penalty because of the usage of the MASTER_CHANNEL() dialplan function.
-
-  We've decided to disable this feature by default in future 1.8 versions.=
 This
-  would be an unexpected behavior change for anyone depending on that SIP_=
CAUSE
-  update in their dialplan. Please refer to the asterisk-dev mailing list =
more
-  information:
-
-  http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
-
- * Significant fixes and improvements to parking lots.
-  (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430, ASTERISK-=
17452,
-  ASTERISK-17452, ASTERISK-15792. Reported by: David Cabrejos, Remi Quezad=
a,
-  Philippe Lindheimer, David Woolley, Mat Murdock. Patched by: rmudgett)
-
- * Numerous issues have been reported for deadlocks that are caused by a b=
locking
-  read in res_timing_timerfd on a file descriptor that will never be writt=
en to.
-
-  A change to Asterisk adds some checks to make sure that the timerfd is b=
oth
-  valid and armed before calling read(). Should fix: ASTERISK-18142,
-  ASTERISK-18197, ASTERISK-18166 and possibly others.
-  (In essence, this change should make res_timing_timerfd usable.)
-
- * Resolve segfault when publishing device states via XMPP and not connect=
ed.
-  (Closes issue ASTERISK-18078. Reported, patched by: Michael L. Young. Te=
sted
-  by Jonathan Rose)
-
- * Refresh peer address if DNS unavailable at peer creation.
-  (Closes issue ASTERISK-18000)
-
- * Fix the missing DAHDI channels when using the newer chan_dahdi.conf sec=
tions
-  for channel configuration.
-  (Closes issue ASTERISK-18496. Reported by Sean Darcy. Patched by Richard
-  Mudgett)
-
- * Remove unnecessary libpri dependency checks in the configure script.
-  (Closes issue ASTERISK-18535. Reported by Michael Keuter. Patched by Ric=
hard
-  Mudgett)
-
- * Update get_ilbc_source.sh script to work again.
-  (Closes issue ASTERISK-18412)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-4
- Add additional patch for res_pktccops.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-3
- Add patch to fix compatibility with 389 directory server.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-2
- Add patches to fix many bug reports from bugzilla.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.6.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix an issue with Music on Hold classes losing files in playlist when r=
ealtime
-  is used.
-  (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I=
gor
-  Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor=
ming a
-  'sip reload' from the console.
-  (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu=
dgett)
-
- * Address some improper sql statements in res_odbc that would cause an up=
date
-  to fail on realtime peers due to trying to set as "(NULL)" rather than an
-  actual NULL.
-  (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti=
lghman
-  Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number o=
f times
-  regardless to receipt of ACK.
-  (Patched by Richard Mudgett)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
-  always request PIN(P) options, MeetMe will ask for the PIN two times: on=
ce for
-  creating the conference and once for entering the conference.
-  (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
-  http://www.telepermit.co.nz/TNA102.pdf
-  (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- * Segfault in shell_helper in func_shell.c
-  (Closes issue ASTERISK-18109. Reported by Michael Myles, patched by Rich=
ard
-  Mudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0
* Tue Aug 23 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-0.2.rc2
- The Asterisk Development Team has announced the second release candidate =
of
- Asterisk 1.8.6.0. This release candidate is available for immediate downl=
oad at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc2 resolves several issues reported by t=
he
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * --- Segfault in shell_helper in func_shell.c ---
-  (Closes issue ASTERISK-18109.
-   Reported by Michael Myles, patched by Richard Mudgett)
-
- * --- Re-add support for spaces in pathnames ---
-  (Closes issue ASTERISK-18290.
-   Reported by Paul Belanger, patched by Tilghman Lesher)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc2
* Thu Aug 11 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-0.1.rc1
- The Asterisk Development Team announces the first release candidate of
- Asterisk 1.8.6.0. This release candidate is available for immediate downl=
oad at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc1 resolves several issues reported by t=
he
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * Fix an issue with Music on Hold classes losing files in playlist when r=
ealtime
-  is used.
-  (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I=
gor
-   Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor=
ming a
-  'sip reload' from the console.
-  (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu=
dgett)
-
- * Address some improper sql statements in res_odbc that would cause an up=
date
-  to fail on realtime peers due to trying to set as "(NULL)" rather than an
-  actual NULL.
-  (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti=
lghman
-   Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number o=
f times
-  regardless to receipt of ACK.
-  (Patched by Richard Mudgett)
-
- * Updated chan_gtalk to work with changes made by Google.
-  (Closes issue ASTERISK-18804. Patched by Terry Wilson)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
-  always request PIN(P) options, MeetMe will ask for the PIN two times: on=
ce for
-  creating the conference and once for entering the conference.
-  (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
-  http://www.telepermit.co.nz/TNA102.pdf
-  (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc1
* Thu Jul 21 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
-  (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,=
 ZX81,
-  cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
-  (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo=
is,
-  rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requ=
ests.
-  (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a s=
pied on
-  channel made a call.
-  (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for al=
ways
-  prompting for a pin is ignored for the first caller.
-  (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs=
 up. If
-  the call that the dialplan started an AGI script for is hungup while the=
 AGI
-  script is in the middle of a command then the AGI script is not notified=
 of
-  the hangup.
-  (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu=
dgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent.=
 The
-  same thing happens when checking a voicemail and marking it as read.
-  (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa=
rd
-  Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
-  between participants. Parenthesis in the wrong position. Regression from=
 issue
-  #14365 when expanding conference flags to use 64 bits.
-  (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul  7 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
* Fri Jul  1 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.1.rc1
- Fix systemd dependencies in EL6 and F15
* Thu Jun 30 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.1.rc1
- The Asterisk Development Team has announced the first release candidate of
- Asterisk 1.8.5. This release candidate is available for immediate downloa=
d at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * Fix Deadlock with attended transfer of SIP call
-  (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,=
 ZX81,
-   cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
-  (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo=
is,
-   rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requ=
ests.
-  (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a s=
pied on
-  channel made a call.
-  (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for al=
ways
-  prompting for a pin is ignored for the first caller.
-  (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs=
 up. If
-  the call that the dialplan started an AGI script for is hungup while the=
 AGI
-  script is in the middle of a command then the AGI script is not notified=
 of
-  the hangup.
-  (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu=
dgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent.=
 The
-  same thing happens when checking a voicemail and marking it as read.
-  (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa=
rd
-   Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
-  between participants. Parenthesis in the wrong position. Regression from=
 issue
-  #14365 when expanding conference flags to use 64 bits.
-  (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- * Fix timerfd locking issue.
-  (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
* Thu Jun 30 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-2
- Fedora Directory Server -> 389 Directory Server
* Wed Jun 29 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-1
- The Asterisk Development Team has announced the release of Asterisk
- versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security
- releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
- following issue:
-
- AST-2011-011: Asterisk may respond differently to SIP requests from an
- invalid SIP user than it does to a user configured on the system, even
- when the alwaysauthreject option is set in the configuration. This can
- leak information about what SIP users are valid on the Asterisk
- system.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-011, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the Change=
Log:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.4.41.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.6.2.18.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.4
-
- Security advisory AST-2011-011 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-011.pdf
* Mon Jun 27 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-3
- Don't forget stereorize
* Mon Jun 27 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-2
- Move /var/run/asterisk to /run/asterisk
- Add comments to systemd service file on how to mimic safe_asterisk functi=
onality
- Build more of the optional binaries
- Install the tmpfiles.d configuration on Fedora 15
* Fri Jun 24 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-1
- The Asterisk Development Team has announced the release of Asterisk versi=
ons
- 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several =
issues
- as outlined below:
-
- * AST-2011-008: If a remote user sends a SIP packet containing a null,
-  Asterisk assumes available data extends past the null to the
-  end of the packet when the buffer is actually truncated when
-  copied.  This causes SIP header parsing to modify data past
-  the end of the buffer altering unrelated memory structures.
-  This vulnerability does not affect TCP/TLS connections.
-  -- Resolved in 1.6.2.18.1 and 1.8.4.3
-
- * AST-2011-009: A remote user sending a SIP packet containing a Contact h=
eader
-  with a missing left angle bracket (<) causes Asterisk to
-  access a null pointer.
-  -- Resolved in 1.8.4.3
-
- * AST-2011-010: A memory address was inadvertently transmitted over the
-  network via IAX2 via an option control frame and the remote party would =
try
-  to access it.
-  -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
-
- The issues and resolutions are described in the AST-2011-008, AST-2011-00=
9, and
- AST-2011-010 security advisories.
-
- For more information about the details of these vulnerabilities, please r=
ead
- the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, whi=
ch were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the Change=
Log:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.4.41.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.6.2.18.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.3
-
- Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are avai=
lable
- at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
* Tue Jun 21 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.2-2
- Convert to systemd
* Fri Jun 17 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.=
m> - 1.8.4.2-1.2
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.=
m> - 1.8.4.2-1.1
- Perl 5.14 mass rebuild
* Fri Jun  3 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.2-1:
-
- The Asterisk Development Team has announced the release of Asterisk
- version 1.8.4.2, which is a security release for Asterisk 1.8.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.4.2 resolves an issue with SIP URI
- parsing which can lead to a remotely exploitable crash:
-
-    Remote Crash Vulnerability in SIP channel driver (AST-2011-007)
-
- The issue and resolution is described in the AST-2011-007 security
- advisory.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-007, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.2
-
- Security advisory AST-2011-007 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-007.pdf
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.4=
.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4.1 resolves several issues reported by the
- community. Without your help this release would not have been possible.
- Thank you!
-
- Below is a list of issues resolved in this release:
-
-  * Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
-   (Closes issue #18951. Reported by jmls. Patched by wdoekes)
-
-  * Resolve a change in IPv6 header parsing due to the Cisco phone fix iss=
ue.
-   This issue was found and reported by the Asterisk test suite.
-   (Closes issue #18951. Patched by mnicholson)
-
-  * Resolve potential crash when using SIP TLS support.
-   (Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by
-    vois, Chainsaw)
-
-  * Improve reliability when using SIP TLS.
-   (Closes issue #19182. Reported by st. Patched by mnicholson)
-
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1

- The Asterisk Development Team has announced the release of Asterisk 1.8.4=
. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4 resolves several issues reported by the com=
munity.
- Without your help this release would not have been possible. Thank you!
-
- Below is a sample of the issues resolved in this release:
-
-  * Use SSLv23_client_method instead of old SSLv2 only.
-   (Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by r=
ussell
-   and chazzam.
-
-  * Resolve crash in ast_mutex_init()
-   (Patched by twilson)
-
-  * Resolution of several DTMF based attended transfer issues.
-   (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
-   shihchuan, grecco. Patched by rmudgett)
-
-   NOTE: Be sure to read the ChangeLog for more information about these ch=
anges.
-
-  * Resolve deadlocks related to device states in chan_sip
-   (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
-
-  * Resolve an issue with the Asterisk manager interface leaking memory wh=
en
-   disabled.
-   (Reported internally by kmorgan. Patched by russellb)
-
-  * Support greetingsfolder as documented in voicemail.conf.sample.
-   (Closes issue #17870. Reported by edhorton. Patched by seanbright)
-
-  * Fix channel redirect out of MeetMe() and other issues with channel sof=
thangup
-   (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
-   Patched by russellb)
-
-  * Fix voicemail sequencing for file based storage.
-   (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
-   jpeeler)
-
-  * Set hangup cause in local_hangup so the proper return code of 486 inst=
ead of
-   503 when using Local channels when the far sides returns a busy. Also a=
ffects
-   CCSS in Asterisk 1.8+.
-   (Patched by twilson)
-
-  * Fix issues with verbose messages not being output to the console.
-   (Closes issue #18580. Reported by pabelanger. Patched by qwell)
-
-  * Fix Deadlock with attended transfer of SIP call
-   (Closes issue #18837. Reported, patched by alecdavis. Tested by
-   alecdavid, Irontec, ZX81, cmaj)
-
- Includes changes per AST-2011-005 and AST-2011-006
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4
-
- Information about the security releases are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d=
river (AST-2011-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=3D746817
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-14480
2011-10-18 07:13:58
---------------------------------------------------------------------------=
-----

Name        : asterisk
Product     : Fedora 16
Version     : 1.8.7.1
Release     : 1.fc16
URL         : http://www.asterisk.org/
Summary     : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.

---------------------------------------------------------------------------=
-----
Update Information:

The Asterisk Development Team has announced a security release for Asterisk=
 1.8.
The available security release is released as version 1.8.7.1.

This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic=
h can
lead to a remotely exploitable crash:

   Remote Crash Vulnerability in SIP channel driver (AST-2011-012)

The issue and resolution is described in the AST-2011-012 security
advisory.

For more information about the details of this vulnerability, please read t=
he
security advisory AST-2011-012, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8=
.7.1

Security advisory AST-2011-012 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

---------------------------------------------------------------------------=
-----
ChangeLog:

* Mon Oct 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asteri=
sk 1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh=
ich can
- lead to a remotely exploitable crash:
-
-    Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read=
 the
- security advisory AST-2011-012, which was released at the same time as th=
is
- announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.7.1
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d=
river (AST-2011-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=3D746817
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce