SICUREZZA: AST-2012-012: Asterisk Manager User Unauthorized Shell Access
Questo il link per scaricare il PDF
Rilasciato Asterisk 11.0.0-beta1
Il giorno 10 agosto, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 11.0.0-beta1
Dal post originale:
All interested users of Asterisk are encouraged to participate in the
Asterisk 11 testing process. Please report any issues found to the issue
tracker, https://issues.asterisk.org/jira. It is also very useful to see
successful test reports. Please post those to the asterisk-dev mailing list.
All Asterisk users are invited to participate in the #asterisk-testing channel
on IRC to work together in testing the many parts of Asterisk.
Asterisk 11 is the next major release series of Asterisk. It will be a Long
Term Support (LTS) release, similar to Asterisk 1.8. For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
For important information regarding upgrading to Asterisk 11, please see the
Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
A short list of new features includes:
A new channel driver named chan_motif has been added which provides support
for Google Talk and Jingle in a single channel driver. This new channel
driver includes support for both audio and video, RFC2833 DTMF, all codecs
supported by Asterisk, hold, unhold, and ringing notification. It is also
compliant with the current Jingle specification, current Google Jingle
specification, and the original Google Talk protocol.
Support for the WebSocket transport for chan_sip.
SIP peers can now be configured to support negotiation of ICE candidates.
The app_page application now no longer depends on DAHDI or app_meetme. It
has been re-architected to use app_confbridge internally.
Hangup handlers can be attached to channels using the CHANNEL() function.
Hangup handlers will run when the channel is hung up similar to the h
extension; however, unlike an h extension, a hangup handler is associated with
the actual channel and will execute anytime that channel is hung up,
regardless of where it is in the dialplan.
Added pre-dial handlers for the Dial and Follow-Me applications. Pre-dial
allows you to execute a dialplan subroutine on a channel before a call is
placed but after the application performing a dial action is invoked. This
means that the handlers are executed after the creation of the caller/callee
channels, but before any actions have been taken to actually dial the callee
channels.
Log messages can now be easily associated with a certain call by looking at
a new unique identifier, "Call Id". Call ids are attached to log messages for
just about any case where it can be determined that the message is related
to a particular call.
Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in
Asterisk. Unlike traditional ACLs defined in specific module configuration
files, Named ACLs can be shared across multiple modules.
The Hangup Cause family of functions and dialplan applications allow for
inspection of the hangup cause codes for each channel involved in a call.
This allows a dialplan writer to determine, for each channel, who hung up and
for what reason(s).
Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE()
lets you set some of the configuration options from the general section
of features.conf on a per-channel basis. FEATUREMAP() lets you customize
the key sequence used to activate built-in features, such as blindxfer,
and automon.
Support for named pickupgroups/callgroups, allowing any number of pickupgroups
and callgroups to be defined for several channel drivers.
IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework.
More information about the new features can be found on the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation
A full list of all new features can also be found in the CHANGES file.
http://svnview.digium.com/svn/asterisk/branches/11/CHANGES
For a full list of changes in the current release, please see the ChangeLog.
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
Rilasciato Asterisk 10.4.0
Il giorno 2 maggio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.4.0
Dal post originale:
The Asterisk Development Team has announced the release of Asterisk 10.4.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 10.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
--- Prevent chanspy from binding to zombie channels
(Closes issue ASTERISK-19493. Reported by lvl)
--- Fix Dial m and r options and forked calls generating warnings
for voice frames.
(Closes issue ASTERISK-16901. Reported by Chris Gentle)
--- Remove ISDN hold restriction for non-bridged calls.
(Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
--- Fix copying of CDR(accountcode) to local channels.
(Closes issue ASTERISK-19384. Reported by jamicque)
--- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
(Closes issue ASTERISK-19303. Reported by Jon Tsiros)
--- Eliminate double close of file descriptor in manager.c
(Closes issue ASTERISK-18453. Reported by Jaco Kroon)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.0
Rilasciato Asterisk 1.8.12.0
Il giorno 2 maggio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.12.0
Dal post originale:
The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
--- Prevent chanspy from binding to zombie channels
(Closes issue ASTERISK-19493. Reported by lvl)
--- Fix Dial m and r options and forked calls generating warnings
for voice frames.
(Closes issue ASTERISK-16901. Reported by Chris Gentle)
--- Remove ISDN hold restriction for non-bridged calls.
(Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
--- Fix copying of CDR(accountcode) to local channels.
(Closes issue ASTERISK-19384. Reported by jamicque)
--- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
(Closes issue ASTERISK-19303. Reported by Jon Tsiros)
--- Eliminate double close of file descriptor in manager.c
(Closes issue ASTERISK-18453. Reported by Jaco Kroon)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
Rilasciato Asterisk 10.3.0
Il giorno 29 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.3.0
Dal post originale:
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
--- Fix potential buffer overrun and memory leak when executing "sip
show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)
--- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)
--- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)
--- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)
--- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)
--- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0
Rilasciato Asterisk 1.8.11.0
Il giorno 29 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.11.0
Dal post originale:
The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
--- Fix potential buffer overrun and memory leak when executing "sip
show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)
--- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)
--- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)
--- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)
--- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)
--- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0
Rilasciate le Security Release di Asterisk 1.4.44, 16.2.23, 1.8.10.1, 10.2.1
Il giorno 15 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk: 1.4.44, 16.2.23, 1.8.10.1, 10.2.1 Now Available (Security Release)
Dal post originale:
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein app_milliwatt
can potentially overrun a buffer on the stack, causing Asterisk to crash. This
does not have the potential for remote code execution.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they
resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun
on the stack, but no remote code execution is possible. Second, they resolve
an issue in HTTP AMI where digest authentication information can be used to
overrun a buffer on the stack, allowing for code injection and execution.
These issues and their resolution are described in the security advisory.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2012-002 and AST-2012-003, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Rilasciato Asterisk 10.2.0-rc1
Il giorno 01 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.2.0-rc1
Dal post originale:
The release of Asterisk 10.2.0-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
Include iLBC source code for distribution with Asterisk
Clarification regarding the iLBC source code was provided by Google, and the
appropriate licenses have been included in the codecs/ilbc folder.
(closes issue: ASTERISK-18943) Reporter: Leif Madsen
Fix crash from bridge channel hangup race condition in ConfBridge
This patch addresses two issues in ConfBridge and the channel bridge layer:
1. It fixes a race condition wherein the bridge channel could be hung up
2. It removes the deadlock avoidance from the bridging layer and makes
the bridge_pvt an ao2 ref counted object
(issue ASTERISK-18988, ASTERISK-18885, ASTERISK-19100)
Reported by: Dmitry Melekhov, Alexander Akimov
Don't do a DNS lookup on an outbound REGISTER host if there is an
outbound proxy configured.
(closes issue ASTERISK-16550) reported by: Olle Johansson
Create and initialize udptl only when a dialog negotiates for image media
Prior to this patch, the udptl struct was allocated and initialized when a
dialog was associated with a peer that supported T.38, when a new SIP
channel was allocated, or when an INVITE request was received. This resulted
in any dialog associated with a peer that supported T.38 having udptl
support assigned to it, including the UDP ports needed for
communication. This patch creates and initializes the udptl structure only
when the SDP for a dialog specifies that image media is supported, or when
Asterisk indicates that a dialog needs to support T.38.
(closes issue ASTERISK-16698, ASTERISK-16794)
Reported by: under, Elazar; Tested by: Stefan Schmidt
Allow only one thread at time to do Asterisk cleanup/shutdown
Add locking around the really-really-quit part of the core stop/restart part.
Previously more than one thread could be called to do cleanup, causing atexit
handlers to be run multiple times, in turn causing segfaults.
(issue ASTERISK-18883)
Patch by: Walter Doekes
Fix outbound DTMF for inband mode in chan_ooh323
This tells asterisk core to generate DTMF sounds. (Closes issue
ASTERISK-19233) Reported by: Matt Behrens Patches:
chan_ooh323.c.patch uploaded by Matt Behrens (License #6346)
And much more! For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
Rilasciato Asterisk 10.1.0
Il giorno 27 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.1.0
Dal post originale:
The release of Asterisk 10.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
Allow playback of formats that don't support seeking.
ast_streamfile previously did unconditional seeking on files that broke playback of
formats that don't support that functionality. This patch avoids the
seek that was causing the problem.
(closes issue ASTERISK-18994) Patched by: Timo Teras
Add pjmedia probation concepts to res_rtp_asterisk's learning mode.
In order to better handle RTP sources with strictrtp enabled (which is the
default setting in 10) using the learning mode to figure out new sources
when they change is handled by checking for a number of consecutive (by
sequence number) packets received to an rtp struct based on a new
configurable value called 'probation'. Also, during learning mode instead
of liberally accepting all packets received, we now reject packets until a
clear source has been determined.
Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
Fix timing source dependency issues with MOH.
Prior to this patch, res_musiconhold existed at the same module priority level
as the timing sources that it depends on. This would cause a problem when music
on hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
Fix RTP reference leak.
If a blind transfer were initiated using a REFER without a prior reINVITE
to place the call on hold, AND if Asterisk were sending RTCP reports, then
there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
Fix blind transfers from failing if an 'h' extension is present.
This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
Restore call progress code for analog ports.
Extracting sig_analog from chan_dahdi lost call progress detection
functionality. Fix analog ports from considering a call answered
immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0
Rilasciato Asterisk 1.8.9.0
Il giorno 27 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.9.0
Dal post originale:
The release of Asterisk 1.8.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
Fix timing source dependency issues with MOH.
Prior to this patch, res_musiconhold existed at the same module priority level
as the timing sources that it depends on. This would cause a problem when music
on hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
Fix RTP reference leak.
If a blind transfer were initiated using a REFER without a prior reINVITE
to place the call on hold, AND if Asterisk were sending RTCP reports, then
there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
Fix blind transfers from failing if an 'h' extension is present.
This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
Restore call progress code for analog ports.
Extracting sig_analog from chan_dahdi lost call progress detection
functionality. Fix analog ports from considering a call answered
immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0
Rilasciati Asterisk 1.8.8.2, 10.0.1 (Security Release)
Il giorno 19 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk 1.8.8.2 e 10.0.1
Dal post originale:
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.
The issue and its resolution is described in the security advisory.
For more information about the details of these vulnerabilities, please read the
security advisory AST-2012-001, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
Security advisory AST-2012-001 is available at:
Rilasciato Asterisk 10.0.0-rc3
Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.0.0-rc3
Dal post originale:
The Asterisk Development Team has announced the third release candidate of
Asterisk 10.0.0. This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.0.0-rc3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
Add ASTSBINDIR to the list of configurable paths
This patch also makes astdb2sqlite3 and astcanary use the configured
directory instead of relying on $PATH.
Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.
Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.
Fix a change in behavior in 'database show' from 1.8.
In 1.8 and previous versions, one could use any fullword portion of
the key name, including the full key, to obtain the record. Until this
patch, this did not work for the full key.
Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.
In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.
Fixed SendMessage stripping extension from To: header in SIP MESSAGE
When using the MessageSend application to send a SIP MESSAGE to a
non-peer, chan_sip stripped off the extension and failed to add it back
to the sip_pvt structure before transmitting. This patch adds the full
URI passed in from the message core to the sip_pvt structure.
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.0.0-rc3
Rilasciato Asterisk 1.8.8.0-rc5
Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.8.0-rc5
Dal post originale:
he release of Asterisk 1.8.8.0-rc5 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.
Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.
Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.
In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc5
Rilasciati Asterisk (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2
Il giorno 12 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2
Dal post originale:
hese releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue
with possible remote enumeration of SIP endpoints with differing NAT settings.
The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
possibility with SIP when the "automon" feature is enabled.
The issues and resolutions are described in the AST-2011-013 and AST-2011-014
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-013 and AST-2011-014, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
Security advisory AST-2011-013 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
Security advisory AST-2011-014 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
Mercoledì 6 dicembre FREE WEBINAR parte II: “Monitoriamo i nostri Asterisk (e non solo) con Nagios”
Mercoledì 6 dicembre, dalle ore 14:00 alle ore 15:00, si terrà il FREE WEBINAR parte II: "Monitoriamo i nostri Asterisk (e non solo) con Nagios" organizzato in collaborazione con Sigmaware Srl ed aperto a tutti.
Questo incontro sarà di carattere esclusimamente tecnico. Vedremo:
|
Attenzione: potete richiederci il pdf del precedente Free Webinar di Nagios, scrivendoci a webinar@sigmaware.it
Per l'adesione: www.asterweb.org nella home page, troverai il form da compilare.
Per qualsiasi info, puoi contattarci:
- CHAT: dal sito www.asterweb.org
- SKYPE: asterweb
- MSN: asterweb@tiscali.it
- TELEFONO: 02-45077711
Con l'auspicio di incontrarti al webinar, ti salutiamo cordialemte
ASTERWEB
Lo Staff
Il nostro software per tutte le distro.
Scopri le tante funzioni che trasformeranno il tuo centralino e miglioreranno l'organizzazione della tua Azienda. Scarica la DEMO gratuita. Clicca QUI