ASTERWEB Blog

30Giu/110

Rilasciato Asterisk 1.8.5-rc1

logoasterisk

Il giorno 29 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.5-rc1

Dal post originale:
The Asterisk Development Team announces the first release candidate of
Asterisk 1.8.5. This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
cmaj)
Fixes thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
rossbeer, kowalma, Freddi_Fonet)
Be more tolerant of what URI we accept for call completion PUBLISH requests.
(Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
Fix a nasty chanspy bug which was causing a channel leak every time a spied on
channel made a call.
(Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
This patch fixes a bug with MeetMe behavior where the 'P' option for always
prompting for a pin is ignored for the first caller.
(Closes issue #18070. Reported by mav3rick. Patched by bbryant)
Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
the call that the dialplan started an AGI script for is hungup while the AGI
script is in the middle of a command then the AGI script is not notified of
the hangup.
(Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
Resolve issue where leaving a voicemail, the MWI message is never sent. The
same thing happens when checking a voicemail and marking it as read.
(Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
Mudgett)
Resolve issue where wait for leader with Music On Hold allows crosstalk
between participants. Parenthesis in the wrong position. Regression from issue
#14365 when expanding conference flags to use 64 bits.
(Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
Fix timerfd locking issue.
(Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1

Inserito in: Asterisk Nessun commento
30Giu/110

Rilasciato Asterisk 1.6.2.19 (Final Maintenance Release)

logoasterisk

Il giorno 29 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.19 (Final Maintenance Release)

Dal post originale:
The Asterisk Development Team has announced the final maintenance release of
Asterisk, version 1.6.2.19. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

Please note that Asterisk 1.6.2.19 is the final maintenance release from the
1.6.2 branch. Support for security related issues will continue until April 21,
2012. For more information about support of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

The release of Asterisk 1.6.2.19 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
Fix chan_local crashs in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)

Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19

Inserito in: Asterisk Nessun commento
30Giu/110

Rilasciato Asterisk 1.4.42 (Final Maintenance Release)

logoasterisk

Il giorno 29 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.4.42 (Final Maintenance Release)

Dal post originale:
he Asterisk Development Team has announced the final maintenance release of
Asterisk, version 1.4.42. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

Please note that Asterisk 1.4.42 is the final maintenance release from the
1.4 branch. Support for security related issues will continue until April 21,
2012. For more information about support of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

The release of Asterisk 1.4.42 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

Resolve regression with ring groups in the Dial() application
(Closes issue ASTERISK-17874. Reported by mspuhler. Patched by elguero)
Resolve deadlock when using tab completion on the 'meetme kick' CLI command
when an invalid (non-existent) conference room is specified.
(Closes issue ASTERISK-17771. Reported, patched by zvision)
Resolve issue where voice frames could be dropped when checking for T.38
during early media.
(Closes issue ASTERISK-17705. Reported, patched by oej)
Resolve issue where DYNAMIC_FEATURES would not activate after a recent
DTMF fix.
(Closes issue ASTERISK-17914. Reported by vrban. Patched by twilson)

Additionally security announcements AST-2011-010, and AST-2011-011 have been
resolved in this release.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.42

Inserito in: Asterisk Nessun commento
30Giu/110

Rilasciati Asterisk 1.4.41.2, 1.6.2.18.2 e 1.8.4.4 (Security Release)

logoasterisk

Il giorno 28 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk 1.4.41.2, 1.6.2.18.2 e 1.8.4.4 (Security Release)

Dal post originale:
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
following issue:

AST-2011-011: Asterisk may respond differently to SIP requests from an
invalid SIP user than it does to a user configured on the system, even when the
alwaysauthreject option is set in the configuration. This can leak information
about what SIP users are valid on the Asterisk system.

For more information about the details of this vulnerability, please read
the security advisory AST-2011-011, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-011 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-011.pdf

27Giu/110

Rilasciato Asterisk 1.6.2.19-rc1

logoasterisk

Il giorno 24 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.6.2.19-rc1

Dal post originale:
Please note that Asterisk 1.6.2.19 will be the final maintenance release from the
1.6.2 branch. Support for security related issues will continue for one
additional year. For more information about support of the various Asterisk
branches, see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

The release of Asterisk 1.6.2.19-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
Fix chan_local crashs in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19-rc1

Inserito in: Asterisk Nessun commento
27Giu/110

Rilasciate nuove versioni Asterisk: 1.8.4.3, 1.6.2.18.1 e 1.4.41.1

logoasterisk

Il giorno 23 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk 1.8.4.3, 1.6.2.18.1 e 1.4.41.1

Dal post originale:
he release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues
as outlined below:

AST-2011-008: If a remote user sends a SIP packet containing a null,
Asterisk assumes available data extends past the null to the
end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past
the end of the buffer altering unrelated memory structures.
This vulnerability does not affect TCP/TLS connections.
-- Resolved in 1.6.2.18.1 and 1.8.4.3
AST-2011-009: A remote user sending a SIP packet containing a Contact header
with a missing left angle bracket (<) causes Asterisk to access a null pointer. -- Resolved in 1.8.4.3 AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it. -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 The issues and resolutions are described in the AST-2011-008, AST-2011-009, and AST-2011-010 security advisories. For more information about the details of these vulnerabilities, please read the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-... http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-... http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-... Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available at: http://downloads.asterisk.org/pub/security/AST-2011-008.pdf http://downloads.asterisk.org/pub/security/AST-2011-009.pdf http://downloads.asterisk.org/pub/security/AST-2011-010.pdf

Inserito in: Asterisk Nessun commento
4Giu/110

Rilasciato Asterisk 1.8.4.2 (security release)

logoasterisk

Il giorno 2 giugno, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.4.2

Dal post originale:
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing which
can lead to a remotely exploitable crash:

Remote Crash Vulnerability in SIP channel driver (AST-2011-007)

The issue and resolution is described in the AST-2011-007 security
advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-007, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-007 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-007.pdf