Uočena je i ispravljena nepravilnost kod programskog paketa asterisk. Potencijalni napadači su je mogli iskoristiti za napad uskraćivanjem usluga (DoS).
| Paket: | asterisk 1.x |
| Operacijski sustavi: | Fedora 15, Fedora 16 |
| Kritičnost: | 2.3 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-2947 |
| Izvorni ID preporuke: | FEDORA-2012-8692 |
| Izvor: | Fedora |
| Problem: | |
| Propusti su povezani s greškom u datoteci "chan_iax2.c". |
|
| Posljedica: | |
| Navedeni problem napadači mogu iskoristiti za DoS napad. |
|
| Rješenje: | |
| Savjetuje se instalacija dostupne nadogradnje koja otklanja opisani nedostatak. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8692
2012-06-01 16:17:38
--------------------------------------------------------------------------------
Name : asterisk
Product : Fedora 16
Version : 1.8.12.2
Release : 1.fc16
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the
following
two issues:
* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name, potentially causing a crash.
* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client closes its connection to the server,
a pointer in a structure is set to NULL. If the client was not in the
on-hook state at the time the connection was closed, this pointer is later
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-007 and AST-2012-008, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.2-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.2 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Resolve crash in subscribing for MWI notifications
- (Closes issue ASTERISK-19827. Reported by B. R)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
* Wed May 30 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the
following
- two issues:
-
- * A remotely exploitable crash vulnerability exists in the IAX2 channel
- driver if an established call is placed on hold without a suggested music
- class. Asterisk will attempt to use an invalid pointer to the music
- on hold class name, potentially causing a crash.
-
- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
- Channel driver. When an SCCP client closes its connection to the server,
- a pointer in a structure is set to NULL. If the client was not in the
- on-hook state at the time the connection was closed, this pointer is later
- dereferenced. This allows remote authenticated connections the ability to
- cause a crash in the server, denying services to legitimate users.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-007 and AST-2012-008, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
* Thu May 3 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Prevent chanspy from binding to zombie channels
- (Closes issue ASTERISK-19493. Reported by lvl)
-
- * --- Fix Dial m and r options and forked calls generating warnings
- for voice frames.
- (Closes issue ASTERISK-16901. Reported by Chris Gentle)
-
- * --- Remove ISDN hold restriction for non-bridged calls.
- (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
-
- * --- Fix copying of CDR(accountcode) to local channels.
- (Closes issue ASTERISK-19384. Reported by jamicque)
-
- * --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
- (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
-
- * --- Eliminate double close of file descriptor in manager.c
- (Closes issue ASTERISK-18453. Reported by Jaco Kroon)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
* Tue Apr 24 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.11.1-1:
- The Asterisk Development Team has announced security releases for Asterisk
1.6.2,
- 1.8, and 10. The available security releases are released as versions
1.6.2.24,
- 1.8.11.1, and 10.3.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following
two
- issues:
-
- * A permission escalation vulnerability in Asterisk Manager Interface. This
- would potentially allow remote authenticated users the ability to execute
- commands on the system shell with the privileges of the user running the
- Asterisk application.
-
- * A heap overflow vulnerability in the Skinny Channel driver. The keypad
- button message event failed to check the length of a fixed length buffer
- before appending a received digit to the end of that buffer. A remote
- authenticated user could send sufficient keypad button message events that
the
- buffer would be overrun.
-
- In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following
- issue:
-
- * A remote crash vulnerability in the SIP channel driver when processing
UPDATE
- requests. If a SIP UPDATE request was received indicating a connected line
- update after a channel was terminated but before the final destruction of
the
- associated SIP dialog, Asterisk would attempt a connected line update on a
- non-existing channel, causing a crash.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
* Fri Mar 30 2012 Russell Bryant <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.11.0-1
- Update to 1.8.11.0
* Sat Mar 17 2012 Russell Bryant <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.10.1-1
- Update to 1.8.10.1 from upstream.
- Fix remote stack overflow in app_milliwatt.
- Fix remote stack overflow, including possible code injection, in HTTP digest
authentication handling.
- Diable build of SRTP on ppc64, as it doesn't build right now.
- Resolves: rhbz#804045, rhbz#804038, rhbz#804042
* Fri Dec 9 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.2-1
- The Asterisk Development Team has announced security releases for Asterisk
1.4,
- 1.6.2 and 1.8. The available security releases are released as versions
1.4.43,
- 1.6.2.21 and 1.8.7.2.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an
issue
- with possible remote enumeration of SIP endpoints with differing NAT settings.
-
- The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
- possibility with SIP when the "automon" feature is enabled.
-
- The issues and resolutions are described in the AST-2011-013 and AST-2011-014
- security advisories.
-
- For more information about the details of these vulnerabilities, please read
the
- security advisories AST-2011-013 and AST-2011-014, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2
-
- Security advisory AST-2011-013 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
-
- Security advisory AST-2011-014 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
* Thu Nov 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.4.rc4
- The Asterisk Development Team has announced the fourth release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc4 resolves a particular issue with BLF
- subscriptions. A change in Asterisk 1.8.8.0-rc3 had the potential to cause a
- segfault, and this release candidate was created to resolve that.
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc4
* Thu Nov 10 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.3.rc3
- The Asterisk Development Team has announced the third release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc3 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Prevent BLF subscriptions from causing deadlocks.
- (Closes issue ASTERISK-18663)
- Review: https://reviewboard.asterisk.org/r/1563/
-
- * Fix deadlock if peer is destroyed while sending MWI notice.
- (Closes issue ASTERISK-18747)
- Reported by: Gregory Hinton Nietsky
-
- * Fix issue with setting defaultenabled on categories that are already enabled
- by default.
- (Closes issue ASTERISK-18738)
- Reported by: Paul Belanger
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc3
* Tue Nov 8 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.2.rc2
- The Asterisk Development Team has announced the second release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * --- Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012) ---
- http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
-
- * --- Fix locking order in app_queue.c which caused deadlocks ---
- (Closes issue ASTERISK-18101. Reported by Paul Rolfe, patched by Gregory
Nietsky)
- (Closes issue ASTERISK-18487. Reported by Jason Legault, patched by Gregory
- Nietsky)
-
- * --- Fix regression in configure script for libpri capability checks ---
- (Closes issue ASTERISK-18687. Reported by norbert, patched by Richard
Mudgett)
-
- * --- Properly ignore AST_CONTROL_UPDATE_RTP_PEER in more places ---
- (Closes issue ASTERISK-18610. Reported by Kristijan_Vrban, patched by Terry
- Wilson, and again by Kristijan_Vrban)
-
- * --- Fix issue with removing peers by IP ---
- (Closes issue ASTERISK-18696. Reported by rsw686, patched by Terry Wilson)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc2
* Tue Nov 8 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.1.rc1
- The Asterisk Development Team announces the first release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Updated SIP 484 handling; added Incomplete control frame
- When a SIP phone uses the dial application and receives a 484 Address
- Incomplete response, if overlapped dialing is enabled for SIP, then the 484
- Address Incomplete is forwarded back to the SIP phone and the HANGUPCAUSE
- channel variable is set to 28. Previously, the Incomplete application
- dialplan logic was automatically triggered; now, explicit dialplan usage of
- the application is required.
- (Closes ASTERISK-17288. Reported by: Mikael Carlsson Tested by: Matthew
- Jordan Review: https://reviewboard.asterisk.org/r/1416/)
-
- * Prevent IAX2 from getting IPv6 addresses via DNS IAX2 does not support IPv6
- and getting such addresses from DNS can cause error messages on the remote
- end involving bad IPv4 address casts in the presence of IPv6/IPv4 tunnels.
- (Closes issue ASTERISK-18090. Patched by Kinsey Moore)
-
- * Fix bad RTP media bridges in directmedia calls on peers separated by
multiple
- Asterisk nodes.
- (Closes issue ASTERISK-18340. Reported by: Thomas Arimont. Closes issue
- ASTERISK-17725. Reported by: kwk. Tested by: twilson, jrose)
-
- * Fix crashes in ast_rtcp_write()
- (Closes issue ASTERISK-18570)
- Related issues that look like they are the same problem:
- (Issue ASTERISK-17560, ASTERISK-15406, ASTERISK-15257, ASTERISK-13334,
- ASTERISK-9977, ASTERISK-9716)
- Review: https://reviewboard.asterisk.org/r/1444/
- Patched by: Russell Bryant
-
- * Fix for incorrect voicemail duration in external notifications.
- This patch fixes an issue where the voicemail duration was being reported
- with a duration significantly less than the actual sound file duration.
- (Closes ASTERISK-16981. Reported by: Mary Ciuciu, Byron Clark, Brad House,
- Karsten Wemheuer, KevinH Tested by: Matt Jordan
- Review: https://reviewboard.asterisk.org/r/1443)
-
- * Prevent segfault if call arrives before Asterisk is fully booted.
- (Patched by alecdavis. https://reviewboard.asterisk.org/r/1407/)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc1
* Mon Oct 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asterisk
1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which
can
- lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-012, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #826474 - CVE-2012-2947 asterisk: Remote crash in IAX2 channel
driver (AST-2012-007)
https://bugzilla.redhat.com/show_bug.cgi?id=826474
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8685
2012-06-01 16:17:19
--------------------------------------------------------------------------------
Name : asterisk
Product : Fedora 15
Version : 1.8.12.2
Release : 1.fc15
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the
following
two issues:
* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name, potentially causing a crash.
* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client closes its connection to the server,
a pointer in a structure is set to NULL. If the client was not in the
on-hook state at the time the connection was closed, this pointer is later
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-007 and AST-2012-008, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 30 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.2-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.2.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.2 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Resolve crash in subscribing for MWI notifications
- (Closes issue ASTERISK-19827. Reported by B. R)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
* Wed May 30 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the
following
- two issues:
-
- * A remotely exploitable crash vulnerability exists in the IAX2 channel
- driver if an established call is placed on hold without a suggested music
- class. Asterisk will attempt to use an invalid pointer to the music
- on hold class name, potentially causing a crash.
-
- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
- Channel driver. When an SCCP client closes its connection to the server,
- a pointer in a structure is set to NULL. If the client was not in the
- on-hook state at the time the connection was closed, this pointer is later
- dereferenced. This allows remote authenticated connections the ability to
- cause a crash in the server, denying services to legitimate users.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-007 and AST-2012-008, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
* Thu May 3 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.12.0-1:
- The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.12.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Prevent chanspy from binding to zombie channels
- (Closes issue ASTERISK-19493. Reported by lvl)
-
- * --- Fix Dial m and r options and forked calls generating warnings
- for voice frames.
- (Closes issue ASTERISK-16901. Reported by Chris Gentle)
-
- * --- Remove ISDN hold restriction for non-bridged calls.
- (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
-
- * --- Fix copying of CDR(accountcode) to local channels.
- (Closes issue ASTERISK-19384. Reported by jamicque)
-
- * --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
- (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
-
- * --- Eliminate double close of file descriptor in manager.c
- (Closes issue ASTERISK-18453. Reported by Jaco Kroon)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
* Tue Apr 24 2012 Jeffrey Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.11.1-1:
- The Asterisk Development Team has announced security releases for Asterisk
1.6.2,
- 1.8, and 10. The available security releases are released as versions
1.6.2.24,
- 1.8.11.1, and 10.3.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following
two
- issues:
-
- * A permission escalation vulnerability in Asterisk Manager Interface. This
- would potentially allow remote authenticated users the ability to execute
- commands on the system shell with the privileges of the user running the
- Asterisk application.
-
- * A heap overflow vulnerability in the Skinny Channel driver. The keypad
- button message event failed to check the length of a fixed length buffer
- before appending a received digit to the end of that buffer. A remote
- authenticated user could send sufficient keypad button message events that
the
- buffer would be overrun.
-
- In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following
- issue:
-
- * A remote crash vulnerability in the SIP channel driver when processing
UPDATE
- requests. If a SIP UPDATE request was received indicating a connected line
- update after a channel was terminated but before the final destruction of
the
- associated SIP dialog, Asterisk would attempt a connected line update on a
- non-existing channel, causing a crash.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
* Fri Mar 30 2012 Russell Bryant <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.11.0-1
- Update to 1.8.11.0
* Sat Mar 17 2012 Russell Bryant <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.10.1-1
- Update to 1.8.10.1 from upstream.
- Fix remote stack overflow in app_milliwatt.
- Fix remote stack overflow, including possible code injection, in HTTP digest
authentication handling.
- Diable build of SRTP on ppc64, as it doesn't build right now.
- Resolves: rhbz#804045, rhbz#804038, rhbz#804042
* Fri Dec 9 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.2-1
- The Asterisk Development Team has announced security releases for Asterisk
1.4,
- 1.6.2 and 1.8. The available security releases are released as versions
1.4.43,
- 1.6.2.21 and 1.8.7.2.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an
issue
- with possible remote enumeration of SIP endpoints with differing NAT settings.
-
- The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
- possibility with SIP when the "automon" feature is enabled.
-
- The issues and resolutions are described in the AST-2011-013 and AST-2011-014
- security advisories.
-
- For more information about the details of these vulnerabilities, please read
the
- security advisories AST-2011-013 and AST-2011-014, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2
-
- Security advisory AST-2011-013 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
-
- Security advisory AST-2011-014 is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
* Thu Nov 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.4.rc4
- The Asterisk Development Team has announced the fourth release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc4 resolves a particular issue with BLF
- subscriptions. A change in Asterisk 1.8.8.0-rc3 had the potential to cause a
- segfault, and this release candidate was created to resolve that.
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc4
* Thu Nov 10 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.3.rc3
- The Asterisk Development Team has announced the third release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc3 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Prevent BLF subscriptions from causing deadlocks.
- (Closes issue ASTERISK-18663)
- Review: https://reviewboard.asterisk.org/r/1563/
-
- * Fix deadlock if peer is destroyed while sending MWI notice.
- (Closes issue ASTERISK-18747)
- Reported by: Gregory Hinton Nietsky
-
- * Fix issue with setting defaultenabled on categories that are already enabled
- by default.
- (Closes issue ASTERISK-18738)
- Reported by: Paul Belanger
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc3
* Tue Nov 8 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.2.rc2
- The Asterisk Development Team has announced the second release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * --- Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012) ---
- http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
-
- * --- Fix locking order in app_queue.c which caused deadlocks ---
- (Closes issue ASTERISK-18101. Reported by Paul Rolfe, patched by Gregory
Nietsky)
- (Closes issue ASTERISK-18487. Reported by Jason Legault, patched by Gregory
- Nietsky)
-
- * --- Fix regression in configure script for libpri capability checks ---
- (Closes issue ASTERISK-18687. Reported by norbert, patched by Richard
Mudgett)
-
- * --- Properly ignore AST_CONTROL_UPDATE_RTP_PEER in more places ---
- (Closes issue ASTERISK-18610. Reported by Kristijan_Vrban, patched by Terry
- Wilson, and again by Kristijan_Vrban)
-
- * --- Fix issue with removing peers by IP ---
- (Closes issue ASTERISK-18696. Reported by rsw686, patched by Terry Wilson)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc2
* Tue Nov 8 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.8.0-0.1.rc1
- The Asterisk Development Team announces the first release candidate of
- Asterisk 1.8.8.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.8.0-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Updated SIP 484 handling; added Incomplete control frame
- When a SIP phone uses the dial application and receives a 484 Address
- Incomplete response, if overlapped dialing is enabled for SIP, then the 484
- Address Incomplete is forwarded back to the SIP phone and the HANGUPCAUSE
- channel variable is set to 28. Previously, the Incomplete application
- dialplan logic was automatically triggered; now, explicit dialplan usage of
- the application is required.
- (Closes ASTERISK-17288. Reported by: Mikael Carlsson Tested by: Matthew
- Jordan Review: https://reviewboard.asterisk.org/r/1416/)
-
- * Prevent IAX2 from getting IPv6 addresses via DNS IAX2 does not support IPv6
- and getting such addresses from DNS can cause error messages on the remote
- end involving bad IPv4 address casts in the presence of IPv6/IPv4 tunnels.
- (Closes issue ASTERISK-18090. Patched by Kinsey Moore)
-
- * Fix bad RTP media bridges in directmedia calls on peers separated by
multiple
- Asterisk nodes.
- (Closes issue ASTERISK-18340. Reported by: Thomas Arimont. Closes issue
- ASTERISK-17725. Reported by: kwk. Tested by: twilson, jrose)
-
- * Fix crashes in ast_rtcp_write()
- (Closes issue ASTERISK-18570)
- Related issues that look like they are the same problem:
- (Issue ASTERISK-17560, ASTERISK-15406, ASTERISK-15257, ASTERISK-13334,
- ASTERISK-9977, ASTERISK-9716)
- Review: https://reviewboard.asterisk.org/r/1444/
- Patched by: Russell Bryant
-
- * Fix for incorrect voicemail duration in external notifications.
- This patch fixes an issue where the voicemail duration was being reported
- with a duration significantly less than the actual sound file duration.
- (Closes ASTERISK-16981. Reported by: Mary Ciuciu, Byron Clark, Brad House,
- Karsten Wemheuer, KevinH Tested by: Matt Jordan
- Review: https://reviewboard.asterisk.org/r/1443)
-
- * Prevent segfault if call arrives before Asterisk is fully booted.
- (Patched by alecdavis. https://reviewboard.asterisk.org/r/1407/)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc1
* Mon Oct 17 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asterisk
1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which
can
- lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-012, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.1
* Mon Oct 3 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.7.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.7.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- Please note that a significant numbers of changes and fixes have gone into
- features.c in this release (call parking, built-in transfers, call pickup,
- etc.).
-
- NOTE:
-
- Recently, we were notified that the mechanism included in our Asterisk source
- code releases to download and build support for the iLBC codec had stopped
- working correctly; a little investigation revealed that this occurred because
of
- some changes on the ilbcfreeware.org website. These changes occurred as a
result
- of Google's acquisition of GIPS, who produced (and provided licenses for) the
- iLBC codec.
-
- If you are a user of Asterisk and iLBC together, and you've already executed a
- license agreement with GIPS, we believe you can continue using iLBC with
- Asterisk. If you are a user of Asterisk and iLBC together, but you had not
- executed a license agreement with GIPS, we encourage you to research the
- situation and consult with your own legal representatives to determine what
- actions you may want to take (or avoid taking).
-
- More information is available on the Asterisk blog:
-
-
http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googles-acquisition-of-gips/
-
- The following is a sample of the issues resolved in this release:
-
- * Added the 'storesipcause' option to sip.conf to allow the user to disable
the
- setting of HASH(SIP_CAUSE,) on the channel. Having chan_sip set
- HASH(SIP_CAUSE,) on the channel carries a significant performance
- penalty because of the usage of the MASTER_CHANNEL() dialplan function.
-
- We've decided to disable this feature by default in future 1.8 versions. This
- would be an unexpected behavior change for anyone depending on that SIP_CAUSE
- update in their dialplan. Please refer to the asterisk-dev mailing list more
- information:
-
- http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
-
- * Significant fixes and improvements to parking lots.
- (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430,
ASTERISK-17452,
- ASTERISK-17452, ASTERISK-15792. Reported by: David Cabrejos, Remi Quezada,
- Philippe Lindheimer, David Woolley, Mat Murdock. Patched by: rmudgett)
-
- * Numerous issues have been reported for deadlocks that are caused by a
blocking
- read in res_timing_timerfd on a file descriptor that will never be written
to.
-
- A change to Asterisk adds some checks to make sure that the timerfd is both
- valid and armed before calling read(). Should fix: ASTERISK-18142,
- ASTERISK-18197, ASTERISK-18166 and possibly others.
- (In essence, this change should make res_timing_timerfd usable.)
-
- * Resolve segfault when publishing device states via XMPP and not connected.
- (Closes issue ASTERISK-18078. Reported, patched by: Michael L. Young. Tested
- by Jonathan Rose)
-
- * Refresh peer address if DNS unavailable at peer creation.
- (Closes issue ASTERISK-18000)
-
- * Fix the missing DAHDI channels when using the newer chan_dahdi.conf sections
- for channel configuration.
- (Closes issue ASTERISK-18496. Reported by Sean Darcy. Patched by Richard
- Mudgett)
-
- * Remove unnecessary libpri dependency checks in the configure script.
- (Closes issue ASTERISK-18535. Reported by Michael Keuter. Patched by Richard
- Mudgett)
-
- * Update get_ilbc_source.sh script to work again.
- (Closes issue ASTERISK-18412)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-4
- Add additional patch for res_pktccops.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-3
- Add patch to fix compatibility with 389 directory server.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-2
- Add patches to fix many bug reports from bugzilla.
* Tue Sep 20 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.6.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix an issue with Music on Hold classes losing files in playlist when
realtime
- is used.
- (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by Igor
- Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth= and performing a
- 'sip reload' from the console.
- (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard
Mudgett)
-
- * Address some improper sql statements in res_odbc that would cause an update
- to fail on realtime peers due to trying to set as "(NULL)" rather than an
- actual NULL.
- (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by
Tilghman
- Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number of
times
- regardless to receipt of ACK.
- (Patched by Richard Mudgett)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
- always request PIN(P) options, MeetMe will ask for the PIN two times: once
for
- creating the conference and once for entering the conference.
- (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
- http://www.telepermit.co.nz/TNA102.pdf
- (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- * Segfault in shell_helper in func_shell.c
- (Closes issue ASTERISK-18109. Reported by Michael Myles, patched by Richard
- Mudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0
* Tue Aug 23 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-0.2.rc2
- The Asterisk Development Team has announced the second release candidate of
- Asterisk 1.8.6.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * --- Segfault in shell_helper in func_shell.c ---
- (Closes issue ASTERISK-18109.
- Reported by Michael Myles, patched by Richard Mudgett)
-
- * --- Re-add support for spaces in pathnames ---
- (Closes issue ASTERISK-18290.
- Reported by Paul Belanger, patched by Tilghman Lesher)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc2
* Thu Aug 11 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.6.0-0.1.rc1
- The Asterisk Development Team announces the first release candidate of
- Asterisk 1.8.6.0. This release candidate is available for immediate download
at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Fix an issue with Music on Hold classes losing files in playlist when
realtime
- is used.
- (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by Igor
- Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth= and performing a
- 'sip reload' from the console.
- (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard
Mudgett)
-
- * Address some improper sql statements in res_odbc that would cause an update
- to fail on realtime peers due to trying to set as "(NULL)" rather than an
- actual NULL.
- (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by
Tilghman
- Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number of
times
- regardless to receipt of ACK.
- (Patched by Richard Mudgett)
-
- * Updated chan_gtalk to work with changes made by Google.
- (Closes issue ASTERISK-18804. Patched by Terry Wilson)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
- always request PIN(P) options, MeetMe will ask for the PIN two times: once
for
- creating the conference and once for entering the conference.
- (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
- http://www.telepermit.co.nz/TNA102.pdf
- (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc1
* Thu Jul 21 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,
ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied
on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up.
If
- the call that the dialplan started an AGI script for is hungup while the AGI
- script is in the middle of a command then the AGI script is not notified of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by
rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from
issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul 7 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
* Fri Jul 1 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.1.rc1
- Fix systemd dependencies in EL6 and F15
* Fri Jul 1 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-3
- Bump release
* Fri Jul 1 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-2
- Fix systemd dependencies in EL6 and F15
* Thu Jun 30 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-0.1.rc1
- The Asterisk Development Team has announced the first release candidate of
- Asterisk 1.8.5. This release candidate is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,
ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied
on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up.
If
- the call that the dialplan started an AGI script for is hungup while the AGI
- script is in the middle of a command then the AGI script is not notified of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by
rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from
issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- * Fix timerfd locking issue.
- (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
-
- For a full list of changes in this release candidate, please see the
ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
* Thu Jun 30 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-2
- Fedora Directory Server -> 389 Directory Server
* Wed Jun 29 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.4-1
- The Asterisk Development Team has announced the release of Asterisk
- versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security
- releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
- following issue:
-
- AST-2011-011: Asterisk may respond differently to SIP requests from an
- invalid SIP user than it does to a user configured on the system, even
- when the alwaysauthreject option is set in the configuration. This can
- leak information about what SIP users are valid on the Asterisk
- system.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-011, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.2
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.2
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.4
-
- Security advisory AST-2011-011 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-011.pdf
* Mon Jun 27 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-3
- Don't forget stereorize
* Mon Jun 27 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-2
- Move /var/run/asterisk to /run/asterisk
- Add comments to systemd service file on how to mimic safe_asterisk
functionality
- Build more of the optional binaries
- Install the tmpfiles.d configuration on Fedora 15
* Fri Jun 24 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.3-1
- The Asterisk Development Team has announced the release of Asterisk versions
- 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several
issues
- as outlined below:
-
- * AST-2011-008: If a remote user sends a SIP packet containing a null,
- Asterisk assumes available data extends past the null to the
- end of the packet when the buffer is actually truncated when
- copied. This causes SIP header parsing to modify data past
- the end of the buffer altering unrelated memory structures.
- This vulnerability does not affect TCP/TLS connections.
- -- Resolved in 1.6.2.18.1 and 1.8.4.3
-
- * AST-2011-009: A remote user sending a SIP packet containing a Contact header
- with a missing left angle bracket (<) causes Asterisk to
- access a null pointer.
- -- Resolved in 1.8.4.3
-
- * AST-2011-010: A memory address was inadvertently transmitted over the
- network via IAX2 via an option control frame and the remote party would try
- to access it.
- -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
-
- The issues and resolutions are described in the AST-2011-008, AST-2011-009,
and
- AST-2011-010 security advisories.
-
- For more information about the details of these vulnerabilities, please read
- the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which
were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1
-
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3
-
- Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available
- at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
* Tue Jun 21 2011 Jeffrey C. Ollie <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.4.2-2
- Convert to systemd
* Fri Jun 17 2011 Marcela MaÄ¹Ä 
Posljednje sigurnosne preporuke