Asterisk 13.25.0-rc1 Now Available
The Asterisk Development Team would like to announce the first release candidate of Asterisk 13.25.0.
This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 13.25.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-28271 - Opensuse Leap 15 --with-jannson-bundled will not compile
(Reported by David Wilcox)
* ASTERISK-28104 - AstriCon Feedback: Automatically create a 1 line dialplan context for stasis apps
(Reported by George Joseph)
* ASTERISK-28238 - PJSIP realtime. getcontext not working with DUNDI
(Reported by Ray)
* ASTERISK-28173 - Deadlock in chan_sip handling subscribe request during res_parking reload
(Reported by Giuseppe Sucameli)
* ASTERISK-28263 - codec_opus: errors setting max_playback_rate and bitrate to "sdp"
(Reported by Gianluca Merlo)
* ASTERISK-28250 - build: Cross-compilation fails for target arm-linux-gnueabihf
(Reported by Jean Aunis - Prescom)
* ASTERISK-28156 - Race condition involving session->media (res_pjsip_session) leads to crash.
(Reported by Paulo Vicentini)
* ASTERISK-28257 - res_http_websocket: PING / PONG opcodes break data reception
(Reported by Jeremy Lainé)
* ASTERISK-28252 - HangupHandler manager events are never thrown
(Reported by Gerald Schnabel)
* ASTERISK-28213 - res_pjsip: Threads pile up needlessly when AOR is blocked
(Reported by Ross Beer)
* ASTERISK-28231 - res_http_websocket: Not responding to Connection Close Frame (opcode 8)
(Reported by Jeremy Lainé)
* ASTERISK-28249 - res_monitor: Segfault with Monitor(wav,file,i)
(Reported by Valentin Vidić)
* ASTERISK-28244 - stasis: Filter messages at publishing to AMI/ARI
(Reported by Joshua C. Colp)
* ASTERISK-28197 - stasis: ast_endpoint struct holds the channel_ids of channels past destruction in certain cases
(Reported by Mohit Dhiman)
* ASTERISK-28232 - core: RAII using clang use-after-scope issue
(Reported by Diederik de Groot)
* ASTERISK-28225 - app_voicemail: Channel variable VM_MESSAGEFILE not updated correctly if message marked "urgent"
(Reported by boatright)
* ASTERISK-28212 - stasis: Statistics broke ABI under developer mode
(Reported by Joshua C. Colp)
* ASTERISK-28222 - Regression: MWI polling no longer works
(Reported by abelbeck)
* ASTERISK-28221 - Bug in ast_coredumper
(Reported by Andrew Nagy)
* ASTERISK-28162 - [patch] need to reset DTMF last sequence number and timestamp on RTP renegotiation
(Reported by Alexei Gradinari)
* ASTERISK-28215 - app_voicemail: Leaving voicemail sometimes doesn't trigger NOTIFYs
(Reported by George Joseph)
* ASTERISK-27959 - [patch] Asterisk 15.4.1 h264 fmtp negotiation problem
(Reported by David Kuehling)
* ASTERISK-28117 - stasis: Add statistics for usage when in developer mode
(Reported by Joshua C. Colp)
* ASTERISK-28201 - [patch] confbridge: no announce to the marked users when they join an empty conference
(Reported by Alexei Gradinari)
* ASTERISK-28194 - chan_sip: Leak using contact ACL
(Reported by Giuseppe Sucameli)
* ASTERISK-28186 - stasis: Filter messages at publishing based on to_* presence
(Reported by Joshua C. Colp)
* ASTERISK-27095 - chan_pjsip: When connected_line_method is set to invite, we're not trying UPDATE
(Reported by George Joseph)
* ASTERISK-28182 - chan_pjsip: When connected_line_method is set to invite, asterisk is not trying UPDATE
(Reported by nappsoft)
Improvements made in this release:
-----------------------------------
* ASTERISK-28246 - Support skipping on the g726 format
(Reported by Eyal Hasson)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.25.0-rc1
Thank you for your continued support of Asterisk!
Asterisk 16.2.0-rc1 Now Available
The Asterisk Development Team would like to announce the first release candidate of Asterisk 16.2.0.
This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 16.2.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-28173 - Deadlock in chan_sip handling subscribe request during res_parking reload
(Reported by Giuseppe Sucameli)
* ASTERISK-28104 - AstriCon Feedback: Automatically create a 1 line dialplan context for stasis apps
(Reported by George Joseph)
* ASTERISK-28271 - Opensuse Leap 15 --with-jannson-bundled will not compile
(Reported by David Wilcox)
* ASTERISK-28238 - PJSIP realtime. getcontext not working with DUNDI
(Reported by Ray)
* ASTERISK-28263 - codec_opus: errors setting max_playback_rate and bitrate to "sdp"
(Reported by Gianluca Merlo)
* ASTERISK-28250 - build: Cross-compilation fails for target arm-linux-gnueabihf
(Reported by Jean Aunis - Prescom)
* ASTERISK-28257 - res_http_websocket: PING / PONG opcodes break data reception
(Reported by Jeremy Lainé)
* ASTERISK-28252 - HangupHandler manager events are never thrown
(Reported by Gerald Schnabel)
* ASTERISK-28213 - res_pjsip: Threads pile up needlessly when AOR is blocked
(Reported by Ross Beer)
* ASTERISK-28249 - res_monitor: Segfault with Monitor(wav,file,i)
(Reported by Valentin Vidić)
* ASTERISK-28244 - stasis: Filter messages at publishing to AMI/ARI
(Reported by Joshua C. Colp)
* ASTERISK-28231 - res_http_websocket: Not responding to Connection Close Frame (opcode 8)
(Reported by Jeremy Lainé)
* ASTERISK-28197 - stasis: ast_endpoint struct holds the channel_ids of channels past destruction in certain cases
(Reported by Mohit Dhiman)
* ASTERISK-28232 - core: RAII using clang use-after-scope issue
(Reported by Diederik de Groot)
* ASTERISK-28230 - res_rtp_asterisk: abs-send-time extension added with Asterisk 15.5.0 breaks GXV3140 video telephony
(Reported by David Kuehling)
* ASTERISK-28162 - [patch] need to reset DTMF last sequence number and timestamp on RTP renegotiation
(Reported by Alexei Gradinari)
* ASTERISK-28225 - app_voicemail: Channel variable VM_MESSAGEFILE not updated correctly if message marked "urgent"
(Reported by boatright)
* ASTERISK-28218 - app_queue: Asterisk crashes when using Queue with a pre-dial handler (option b)
(Reported by Mark)
* ASTERISK-28212 - stasis: Statistics broke ABI under developer mode
(Reported by Joshua C. Colp)
* ASTERISK-28222 - Regression: MWI polling no longer works
(Reported by abelbeck)
* ASTERISK-28221 - Bug in ast_coredumper
(Reported by Andrew Nagy)
* ASTERISK-28215 - app_voicemail: Leaving voicemail sometimes doesn't trigger NOTIFYs
(Reported by George Joseph)
* ASTERISK-27959 - [patch] Asterisk 15.4.1 h264 fmtp negotiation problem
(Reported by David Kuehling)
* ASTERISK-28201 - [patch] confbridge: no announce to the marked users when they join an empty conference
(Reported by Alexei Gradinari)
* ASTERISK-28117 - stasis: Add statistics for usage when in developer mode
(Reported by Joshua C. Colp)
* ASTERISK-28186 - stasis: Filter messages at publishing based on to_* presence
(Reported by Joshua C. Colp)
* ASTERISK-28194 - chan_sip: Leak using contact ACL
(Reported by Giuseppe Sucameli)
* ASTERISK-27095 - chan_pjsip: When connected_line_method is set to invite, we're not trying UPDATE
(Reported by George Joseph)
* ASTERISK-28182 - chan_pjsip: When connected_line_method is set to invite, asterisk is not trying UPDATE
(Reported by nappsoft)
* ASTERISK-28157 - Asterisk crashes when the res_pjsip_* modules unload
(Reported by sungtae kim)
Improvements made in this release:
-----------------------------------
* ASTERISK-28246 - Support skipping on the g726 format
(Reported by Eyal Hasson)
* ASTERISK-28196 - bridge_softmix: Does not support WebRTC source with multi video tracks.
(Reported by Xiemin Chen)
* ASTERISK-28198 - res_ari: Add new hangup causes for ARI Channel DELETE command
(Reported by Sebastian Damm)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-16.2.0-rc1
Thank you for your continued support of Asterisk!
L’assistente telefonico “educato” per tutti i centralini Asterisk (lo vorrai anche tu)
Molte sono le applicazioni che inglobano un sistema di riconoscimento vocale sempre finalizzato a rendere l'esperienza d'uso più smart. Poco è stato fatto però nell'ambito PBX contestualizzato alle aziende, almeno fino ad ora. Infatti, l' azienda campana BeeVoip ha messo a punto una sorta di segretaria virtuale con un minimo di intelligenza artificiale in grado di riconoscere il cliente chiamante e di instradarlo verso la persona o il settore di competenza desiderati. L'idea è molto interessante, visto che tra l'altro il sistema che hanno sviluppato si aggancia al PBX Asterisk senza l'ausilio di API quali quelle di GOOGLE, Lumenvox o altri. Allego il video di una dimostrazione che certamente promette molto.
Kamailio v5.1.7 Released
E stata rilasciata la versione 5.1.7 di Kamailio.
Dal post originale:
Kamailio SIP Server v5.1.7 stable is out – a minor release including fixes in code and documentation since v5.1.6. The configuration file and database schema compatibility is preserved, which means you don’t have to change anything to update.
Kamailio® v5.1.7 is based on the latest source code of GIT branch 5.1 and it represents the latest stable version. We recommend those running previous 5.1.x or older versions to upgrade. There is no change that has to be done to configuration file or database structure comparing with the previous releases of the v5.1 branch.
Il link: https://www.kamailio.org/w/2019/01/kamailio-v5-1-7-released/
Rilasciato Asterisk 16.0.0
Il giorno 09 ottobre 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 16.0.0.
Dal post originale:
The release of Asterisk 16.0.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-28013 - res_http_websocket: Crash when reading HTTP Upgrade requests (Reported by Sean Bright)
...
Rilasciato Asterisk 15.5.0
Il giorno 12 luglio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.5.0.
Dal post originale:
The release of Asterisk 15.5.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27818 - Username bruteforce is possible when using ACL with PJSIP (Reported by John)
...
Rilasciato Asterisk 13.22.0
Il giorno 12 luglio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.22.0.
Dal post originale:
The release of Asterisk 13.22.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27783 - res_pjsip_pubsub: apparent crash on shutdown (Reported by Kevin Harwell)
...
Rilasciato Asterisk 15.4.0
Il giorno 01 maggio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.4.0.
Dal post originale:
The release of Asterisk 15.4.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-27704 - Add cache_pools debug option to pjproject.conf (Reported by Richard Mudgett)
...
Rilasciato Asterisk 13.21.0
Il giorno 01 maggio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.21.0.
Dal post originale:
The release of Asterisk 13.21.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-27704 - Add cache_pools debug option to pjproject.conf (Reported by Richard Mudgett)
...
Rilasciato Asterisk 15.3.0
Il giorno 15 marzo 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.3.0.
Dal post originale:
The release of Asterisk 15.3.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27658 - WebSocket frames with 0 sized payload causes DoS (Reported by Sean Bright)
...
Rilasciato Asterisk 13.20.0
Il giorno 15 marzo 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.20.0.
Dal post originale:
The release of Asterisk 13.20.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci)
...
Rilasciato Asterisk 15.2.0
Il giorno 13 gennaio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 15.2.0.
Dal post originale:
The release of Asterisk 15.2.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-27478 - PJSIP: Add CHANNEL(pjsip,request_uri) to get incoming INVITE Request-URI. (Reported by Richard Mudgett)
...
Rilasciato Asterisk 13.19.0
Il giorno 13 gennaio 2018, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.19.0.
Dal post originale:
The release of Asterisk 13.19.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-27478 - PJSIP: Add CHANNEL(pjsip,request_uri) to get incoming INVITE Request-URI. (Reported by Richard Mudgett)
...
Rilasciati Asterisk 13.18.5, 14.7.5, 15.1.5 and 13.18-cert2 (Security)
The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are released as versions 13.18.5, 4.7.5, 15.1.5 and 13.18-cert2.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those SIP messages
must contain a contact header. For those messages, if the header was not
present and using the PJSIP channel driver, it would cause Asterisk to crash.
The severity of this vulnerability is somewhat mitigated if authentication is
enabled. If authentication is enabled a user would have to first be authorized
before reaching the crash point.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.5
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.5
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.1.5
https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-13.18-cert2
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2017-014.pdf
AST-2017-014: Crash in PJSIP resource when missing a contact header
Asterisk Project Security Advisory - AST-2017-014
Product Asterisk
Summary Crash in PJSIP resource when missing a contact
header
Nature of Advisory Remote Crash
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On December 12, 2017
Reported By Ross Beer
Posted On
Last Updated On December 22, 2017
Advisory Contact Kevin Harwell
CVE Name
Description A select set of SIP messages create a dialog in Asterisk.
Those SIP messages must contain a contact header. For those
messages, if the header was not present and using the PJSIP
channel driver, it would cause Asterisk to crash. The
severity of this vulnerability is somewhat mitigated if
authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the
crash point.
Resolution When using the Asterisk PJSIP resource, and one of the SIP
messages that create a dialog is received Asterisk now
checks to see if the message contains a contact header. If
it does not Asterisk now responds with a "400 Missing
Contact header".
Affected Versions
Product Release
Series
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Asterisk Open Source 15.x All versions
Certified Asterisk 13.18 All versions
Corrected In
Product Release
Asterisk Open Source 13.18.5, 14.7.5, 15.1.5
Certified Asterisk 13.18-cert2
Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2017-014-13.diff Asterisk
13
http://downloads.asterisk.org/pub/security/AST-2017-014-14.diff Asterisk
14
http://downloads.asterisk.org/pub/security/AST-2017-014-15.diff Asterisk
15
http://downloads.asterisk.org/pub/security/AST-2017-014-13.18.diff Certified
Asterisk
13.18
Links https://issues.asterisk.org/jira/browse/ASTERISK-27480
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-014.pdf and
http://downloads.digium.com/pub/security/AST-2017-014.html
Revision History
Date Editor Revisions Made
December 20, 2017 Kevin Harwell Initial Revision
Asterisk Project Security Advisory - AST-2017-014
Copyright (c) 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.