Tzafrir Cohen wrote: > On Fri, May 09, 2008 at 11:50:59AM -0400, Drew Gibson wrote: > >> equis software wrote: >> >>> Hi, I allways use Gentoo y my Asterisk servers and work well, but what >>> do you think about to use Ubuntu or another distibution?? >>> >>> Thanks >>> >> I have run Asterisk on several Fedora versions, Debian, Unslung (on the >> NSLU2 or "Slug") and recently Ubuntu. My most critical servers are on >> Debian and new ones will be on Ubuntu LTS. >> >> I have had very few OS specific issues. I have always built from source >> except on the Slug but I noticed that Ubuntu has it in the apt >> repository which would be a great convenience if you are new to Linux or >> manage a lot of servers. >> > > Now that you mention it, are packages of that distribution really > maintained? > > The recent volnurability of AST-2008-006 is a good test case for that. > If affects both 1.2 and 1.4 . > > The annoncement by Digium: > > http://downloads.digium.com/pub/asa/AST-2008-006.html > > As with the previous ones, the text is quite clear about the fix. > "backporting" that patch to a slightly older version is not that tricky > (and it is something that a distribution package maintainer is used to > doing anyway). > > So what about updates? > >
The optware feed for Unslung (on the NSLU2) is up-to-date on Asterisk 1.4 with 1.4.19.1 but a rev or two behind on 1.2 with 1.2.24 > The LWN page for this advisory only lists Fedora and Debian: > > http://lwn.net/Articles/280318/ > > Response ime in both was quite reasonable. > > LWN also tracks adsisories from various other distributions. You can see > the list in http://lwn.net/Alerts/ . The following other distributions > have 'asterisk' packages: > > * Gentoo > * Mandriva (??? - probably only in contrib and is unsupported) > * rPath (Not sure. See below about AstriskNOW) > * SUSE > * Ubuntu (the package is in 'universe', and not officially supported) > > The issue is listed as corrected in AsteriskNOW 1.0.3, but the latest > version available for download is 1.0.2 . > If I read rpath's repository page correctly, then the most recently > released version of Asterisk is 1.4.17-2 , from Feb-2008 and thus does > not contain this fix. > > To see the versions of packages i Ubuntu: > > http://packages.ubuntu.com/asterisk > > As you can see, both Hardy and the development distribution (Interpid) > include the same version of the package. As you can see from following > the changelog link: > http://changelogs.ubuntu.com/changelogs/pool/universe/a/asterisk/asterisk_1.4.17~dfsg-2ubuntu1/changelog > > The security issues of 1.4.18.1 were backported to that 1.4.17 package. > But nothing about the recent advisory. > > > The Gentoo port is basically where the Ubuntu package is: missing only > the last one: > > http://packages.gentoo.org/package/asterisk > > > The FreeBSD port has not been updated yet. It is still at 1.4.18, and no > sign of backported fixes: > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/asterisk/ > > > OpenBSD port was updated pretty fast (by upgrading to asterisk 1.4.19.1) > > http://www.openbsd.org/cgi-bin/cvsweb/ports/telephony/asterisk/ > > > I don't know where to look for in other distributions. > > -- Drew Gibson Systems Administrator OANDA Corporation www.oanda.com _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users