ASTERWEB Blog

31 Jan 2011

Asterisk 1.8 and fail2ban

www.asterweb.org

For iptables/fail2ban to protect Asterisk 1.8 correctly, a "new" asterisk.conf filter file must be used. This is the installation procedure:

# cd /etc/fail2ban/filter.d
# wget http://pbxinaflash.net/source/fail2ban/asterisk18.conf
# mv asterisk.conf asterisk14.conf
# mv asterisk18.conf asterisk.conf
# service fail2ban restart

28 Jan 2011

Asterisk 1.8.2.3 Released

On January 26, the Asterisk Development Team announced the release of Asterisk 1.8.2.3.

From the original post:

The release of Asterisk 1.8.2.3 resolves the following issue:

  • Reimplemented fax session reservation to reverse the ABI breakage introduced
    in r297486.
    (Reported by Jeremy Kister on the asterisk-users mailing list. Patched by
    mnicholson)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2.3

Thank you for your continued support of Asterisk!

28 Jan 2011

Asterisk 1.8.3-rc2 Released

On January 26, the Asterisk Development Team announced the release of Asterisk 1.8.3-rc2.

From the original post:

The release of Asterisk 1.8.3-rc2 resolves the following issues in addition to
those included in 1.8.3-rc1:

  • Resolve issue where no Music On Hold may be triggered when using
    res_timing_dahdi.
    (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
    by francesco_r, rfrantik, one47)
  • Resolve a memory leak when the Asterisk Manager Interface is disabled.
    (Reported internally by kmorgan. Patched by russellb)
  • Reimplemented fax session reservation to reverse the ABI breakage introduced
    in r297486.
    (Reported internally. Patched by mnicholson)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3-rc2

Thank you for your continued support of Asterisk!

28 Jan 2011

Asterisk 1.6.2.17-rc2 Released

On January 26, the Asterisk Development Team announced the release of Asterisk 1.6.2.17-rc2.

From the original post:

The release of Asterisk 1.6.2.17-rc2 resolves the following issues in addition
to those included in 1.6.2.17-rc1:

  • Resolve several issues with DTMF based attended transfers.
    (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchaun, grecco. Patched by rmudgett).
    NOTE: Be sure to read the ChangeLog for more information about these changes.
  • Resolve issue where no Music On Hold may be triggered when using
    res_timing_dahdi.
    (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
    by francesco_r, rfrantik, one47)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17-rc2

Thank you for your continued support of Asterisk!

28 Jan 2011

Asterisk 1.4.40-rc2 Released

On January 26, the Asterisk Development Team announced the release of Asterisk 1.4.40-rc2.

From the original post:

The release of Asterisk 1.4.40-rc2 resolves the following issues in addition to
those included in 1.4.40-rc1:

  • Resolve several issues with DTMF based attended transfers.
    (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
    shihchaun, grecco. Patched by rmudgett).
    NOTE: Be sure to read the ChangeLog for more information about these changes.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40-rc2

Thank you for your continued support of Asterisk!

21 Jan 2011

Asterisk 1.8.2.2 Released (Security Release)

On January 20, the Asterisk Development Team announced the release of Asterisk 1.8.2.2.

From the original post:

The Asterisk Development Team has announced a release for the security issue
described in AST-2011-001.

Due to a failed merge, Asterisk 1.8.2.1 which should have included the security
fix did not. Asterisk 1.8.2.2 contains the changes which should have been
included in Asterisk 1.8.2.1.

This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
1.8.1.2, and 1.8.2.2 resolve an issue when forming an outgoing SIP request while
in pedantic mode, which can cause a stack buffer to be made to overflow if
supplied with carefully crafted caller ID information. The issue and resolution
are described in the AST-2011-001 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-001, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-001 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-001.pdf


21 Jan 2011

Asterisk 1.8.3-rc1 Released

On January 19, the Asterisk Development Team announced the release of Asterisk 1.8.3-rc1.

From the original post:

The release of Asterisk 1.8.3-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

  • Resolve duplicated data in the AstDB when using DIALGROUP()
    (Closes issue #18091. Reported by bunny. Patched by tilghman)
  • Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses.
    (Closes issue #18464. Reported, patched by IgorG)
  • Reworking parsing of mwi => lines to resolve a segfault. Also add a set of
    unit tests for the function that does the parsing.
    (Closes issue #18350. Reported by gbour. Patched by Marquis)
  • When using cdr_pgsql the billsec field was not populated correctly on
    unanswered calls.
    (Closes issue #18406. Reported by joscas. Patched by tilghman)
  • Resolve memory leak in iCalendar and Exchange calendaring modules.
    (Closes issue #18521. Reported, patched by pitel. Tested by cervajs)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3-rc1

21 Jan 2011

Asterisk 1.6.2.17-rc1 Released

On January 19, the Asterisk Development Team announced the release of Asterisk 1.6.2.17-rc1.

From the original post:

The release of Asterisk 1.6.2.17-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

  • Resolve duplicated data in the AstDB when using DIALGROUP()
    (Closes issue #18091. Reported by bunny. Patched by tilghman)
  • Correct issue where res_config_odbc could populate fields with invalid data.
    (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
    jthurman, elguero, zerohalo. Patched by tilghman)
  • When using cdr_pgsql the billsec field was not populated correctly on
    unanswered calls.
    (Closes issue #18406. Reported by joscas. Patched by tilghman)
  • Resolve issue where re-transmissions of SUBSCRIBE could break presence.
    (Closes issue #18075. Reported by mdu113. Patched by twilson)
  • Fix regression causing forwarding voicemails to not work with file storage.
    (Closes issue #18358. Reported by cabal95. Patched by jpeeler)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17-rc1

21 Jan 2011

Asterisk 1.4.40-rc1 Released

On January 19, the Asterisk Development Team announced the release of Asterisk 1.4.40-rc1.

From the original post:

The release of Asterisk 1.4.40-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

  • Correct issue where res_config_odbc could populate fields with invalid data.
    (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
    jthurman, elguero, zerohalo. Patched by tilghman)
  • Resolve issue where re-transmissions of SUBSCRIBE could break presence.
    (Closes issue #18075. Reported by mdu113. Patched by twilson)
  • Resolve issue in res_odbc where it may crash when a query fails.
    (Closes issue #18243. Reported, patched by ks3)
  • Fix CPU spike when pressing DTMF after agent login.
    (Closes issue #18130. Reported by rgj. Patched by jpeeler)
  • Fix cross-compiling issue.
    (Closes issue #18301. Reported, patched by abelbeck)
  • This version of Asterisk includes the new Compiler Flags option
    BETTER_BACKTRACES which uses libbfd to search for better symbol information
    within both the Asterisk binary, as well as loaded modules, to assist when
    using inline backtraces to track down problems.
    (Patched by tilghman)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40-rc1

19 Jan 2011

Security: AST-2011-001 – Stack buffer overflow in SIP channel driver

Here is an excerpt from the AST-2011-001 security advisory:

Description: When forming an outgoing SIP request while in pedantic mode, a stack
buffer can be made to overflow if supplied with carefully crafted caller ID
information. This vulnerability also affects the URIENCODE dialplan function and
in some versions of asterisk, the AGI dialplan application as well. The
ast_uri_encode function does not properly respect the size of its output buffer
and can write past the end of it when encoding URIs.

Resolution: The size of the output buffer passed to the ast_uri_encode function
is now properly respected.

In asterisk versions not containing the fix for this issue, limiting strings
originating from remote sources that will be URI encoded to a length of 40
characters will protect against this vulnerability.

exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})
exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => s,n,Dial(SIP/channel)

The CALLERID(num) and CALLERID(name) channel values, and any strings passed
to the URIENCODE dialplan function should be limited in this manner.

Ast-2011-001
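
The advisory traces the overflow to an encoder that ignores the size of its output buffer, and percent-encoding can turn each input byte into three output bytes. The C example below is added here for illustration and is not Asterisk's code or part of the advisory; `uri_encode_bounded` and `uri_encode_worst_case` are hypothetical names. It shows an encoder that checks the remaining space before every write and reports truncation.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Asterisk's ast_uri_encode: percent-encodes src
 * into out without ever writing more than outlen bytes (NUL included).
 * Returns the number of source bytes consumed, so a caller can detect
 * truncation by comparing the result with strlen(src). */
size_t uri_encode_bounded(const char *src, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    /* RFC 3986 unreserved characters are copied unchanged. */
    static const char unreserved[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
    size_t used = 0, consumed = 0;

    if (outlen == 0)
        return 0;
    while (src[consumed] != '\0') {
        unsigned char c = (unsigned char)src[consumed];
        int plain = strchr(unreserved, c) != NULL;
        size_t need = plain ? 1 : 3;       /* "%XX" takes three bytes */

        if (used + need + 1 > outlen)      /* keep one byte for the NUL */
            break;
        if (plain) {
            out[used++] = (char)c;
        } else {
            out[used++] = '%';
            out[used++] = hex[c >> 4];
            out[used++] = hex[c & 0x0F];
        }
        consumed++;
    }
    out[used] = '\0';
    return consumed;
}

/* Worst-case output size for an n-byte input: every byte escaped, plus NUL.
 * For an input capped at 40 characters this is 121 bytes. */
size_t uri_encode_worst_case(size_t n)
{
    return 3 * n + 1;
}
```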

14 Jan 2011

Asterisk 1.8.2 Now Available

On January 14, the Asterisk Development Team announced the release of Asterisk 1.8.2 (the official post is titled "1.8.3", but that is certainly a typo).

From the original post:
The following is a sample of the issues resolved in this release:

* 'sip notify clear-mwi' needs terminating CRLF.
(Closes issue #18275. Reported, patched by klaus3000)
* Patch for deadlock from ordering issue between channel/queue locks in
app_queue (set_queue_variables).
(Closes issue #18031. Reported by rain. Patched by bbryant)
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Fix reloading of peer when a user is requested. Prevent peer reloading from
causing multiple MWI subscriptions to be created when using realtime.
(Closes issue #18342. Reported, patched by nivek.)
* Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
so res_jabber doesn't think there is already an XMPP connection sending
device state. Also clean up CLI commands a bit.
(Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
* Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
setting peer->cdr = NULL, set it to not post.
(Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
* Fixes issue with outbound google voice calls not working. Thanks to az1234
and nevermind_quack for their input in helping debug the issue.
(Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2

14 Jan 2011

Asterisk 1.6.2.16 Now Available

On January 14, the Asterisk Development Team announced the release of Asterisk 1.6.2.16.

From the original post:
The following is a sample of the issues resolved in this release:

* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Linux and *BSD disagree on the elements within the ucred structure. Detect
which one is in use on the system.
(Closes issue #18384. Reported, patched, tested by bjm, tilghman)
* app_followme: Don't create a Local channel if the target extension does not
exist.
(Closes issue #18126. Reported, patched by junky)
* Revert code that changed SSRC for DTMF.
(Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
Tested by cmbaker82)
* Resolve issue where REGISTER request with a Call-ID matching an existing
transaction is received it was possible that the REGISTER request would
overwrite the initreq of the private structure.
(Closes issue #18051. Reported by eeman. Patched, tested by twilson)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
