[asterisk-users] Asterisk 1.4.21.2 and 1.2.30 Released
The Asterisk.org development team has released Asterisk versions 1.4.21.2 and 1.2.30. Both of these releases include fixes for two security issues. Both of these issues affect users of the IAX2 channel driver. For more details on these vulnerabilities, see the published security advisories, AST-2008-010 and AST-2008-011. AST-2008-010: Asterisk IAX 'POKE' resource exhaustion - http://downloads.digium.com/pub/security/AST-2008-010.html AST-2008-011: Traffic amplification in IAX2 firmware provisioning system - http://downloads.digium.com/pub/security/AST-2008-011.html Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.21.1 Released
The Asterisk.org development team has released Asterisk version 1.4.21.1. This release includes a critical bug fix for 1.4.21. All users that experienced lockups when upgrading to 1.4.21 should have their issues resolved with this update. Asterisk 1.4.21.1 is available for download from the downloads site: * http://downloads.digium.com/pub/telephony/asterisk Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.21 Released
The Asterisk.org development team has released Asterisk version 1.4.21. This release is a regular bug fix release for the 1.4 series of Asterisk. For a full list of changes, see the ChangeLog included in the release. * http://svn.digium.com/view/asterisk/tags/1.4.20/ChangeLog?view=markup Asterisk 1.4.21 is available for immediate download from the Digium downloads site. * http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.21-rc2 Now Available
The Asterisk development team has released Asterisk version 1.4.21-rc2. This release is a release candidate for the upcoming official release of 1.4.21. A few bugs have been fixed since 1.4.21-rc2. Please continue to assist in testing before we release 1.4.21! The release candidate is available on the download site. http://downloads.digium.com/pub/telephony/asterisk Please provide release candidate testing feedback to the asterisk-dev mailing list, or the issue tracker, http://bugs.digium.com/. Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.20 Released
The Asterisk.org development team has released Asterisk version 1.4.20. This release contains a large number of bug fixes over the previous release. For a full list of changes, see the ChangeLog included in the release. http://svn.digium.com/view/asterisk/tags/1.4.20/ChangeLog?view=markup Asterisk 1.4.20 is available for immediate download from the Digium downloads site. http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.20-rc3 and 1.6.0-beta9 Now Available
The Asterisk.org development team has released Asterisk versions 1.4.20-rc3 and 1.6.0-beta9. These releases are intended to encourage community testing to improve the quality of the upcoming 1.4.20 and 1.6.0 releases. The testing process has proven extremely useful and we would like to thank everyone who has participated. Please help continue the effort. Any issues with test releases should be reported to http://bugs.digium.com/ or discussed on the asterisk-dev mailing list. Both releases are available for download from the Digium downloads site. http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.19.2 Released
The Asterisk.org development team has released Asterisk version 1.4.19.2. This release includes some IAX2 channel driver updates. Asterisk 1.4.19.1 was released to address an IAX2 security vulnerability. Unfortunately, the changes to address the security issue had an unfortunate negative impact on IAX2 performance in Asterisk. These issues have been addressed and the related fixes are included in this release. The performance of IAX2 in Asterisk due to these changes should be far better than it was even before the changes were made for the security issue. Anyone that uses IAX2 should use this release instead of 1.4.19.1. http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.20-rc1 Now Available
The Asterisk development team has released Asterisk version 1.4.20-rc2. This release is a release candidate for the upcoming official release of 1.4.20. It includes a fix for a SIP channel driver regression introduced in 1.4.20-rc1, among a number of other changes. For a full list of changes since the last release candidate, view the contents of the ChangeLog that is distributed with the release. The release candidate is available on the download site. http://downloads.digium.com/pub/telephony/asterisk Please provide release candidate testing feedback to the asterisk-dev mailing list, or the issue tracker, http://bugs.digium.com/. Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.20-rc1 Now Available
The Asterisk development team has released Asterisk version 1.4.20-rc1. This release is a release candidate for the upcoming official release of 1.4.20. It contains a large number of bug fixes over the previous release, 1.4.19. We would like to encourage the community to assist us in testing before we release 1.4.20. The release candidate is available on the download site. http://downloads.digium.com/pub/telephony/asterisk Please provide release candidate testing feedback to the asterisk-dev mailing list, or the issue tracker, http://bugs.digium.com/. Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.28, 1.4.19.1, and 1.6.0-beta8 Released
The Asterisk development team has released versions 1.2.28, 1.4.19.1, and 1.6.0-beta8. All of these releases contain a security patch for the vulnerability described in the AST-2008-006 security advisory. 1.6.0-beta8 is also a regular update to the 1.6.0 series with a number of bug fixes over the previous beta release. Early last year, we made some modifications to the IAX2 channel driver to combat potential usage of IAX2 in traffic amplification attacks. Unfortunately, our fix was not complete and we were not notified of this until the original reporter of the issue decided to release information on how to exploit it to the public. This issue affects all users of IAX2 that have allowed non-authenticated calls. For more information on the vulnerability, see the published security advisory. * http://downloads.digium.com/pub/security/AST-2008-006.pdf All releases are available for download from the following location: * http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.19 and Asterisk-addons 1.6.0-beta3 Released
The Asterisk development team has released version 1.4.19 of Asterisk and 1.6.0-beta3 of Asterisk-addons. The new Asterisk-addons release contains a few bug fixes over the previous version. http://svn.digium.com/view/asterisk-addons/tags/1.6.0-beta3/ChangeLog?view=markup Asterisk 1.4.19 contains a large number of fixes over the previous release, 1.4.18. For a full list of changes, see the ChangeLog that is included in the release. http://svn.digium.com/view/asterisk/tags/1.4.19/ChangeLog?view=markup One change that requires specific attention is a change to iLBC support. Due to problems with the licensing of the iLBC source code, the implementation of the codec has been removed from the Asterisk source tree. To get the codec_ilbc module to compile, you will have to retrieve the iLBC source code. A script has been provided which does this for you. Simply run the contrib/scripts/get_ilbc_source.sh script from the root directory of the Asterisk source tree. All users of the iLBC source code should review the license agreement and take whatever actions may be necessary to comply with its terms before continuing to use codec_ilbc with Asterisk. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.19-rc4 and 1.6.0-beta7 Now Available
The Asterisk.org development team has released Asterisk versions 1.4.19-rc4 and 1.6.0-beta7. These releases contain significant bug fixes over the previous pre-releases of 1.4.19 and 1.6.0. We would like to thank everyone for all of the help with pre-release testing. Unless anything new comes up, 1.4.19 will be released at the beginning of next week. Both releases are available for download from http://downloads.digium.com/. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] (Critical Updates) Asterisk 1.2.27, 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6 Released
The Asterisk.org development team has released four new versions of Asterisk to address critical security vulnerabilities. AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling. * http://downloads.digium.com/pub/security/AST-2008-002.pdf * All users of SIP in Asterisk 1.4 and 1.6 are affected. AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf. * http://downloads.digium.com/pub/security/AST-2008-003.pdf * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected. AST-2008-004 details some format string vulnerabilities that were found in the code handling the Asterisk logger and the Asterisk manager interface. * http://downloads.digium.com/pub/security/AST-2008-004.pdf * All users of Asterisk 1.6 are affected. Asterisk 1.2.27 and 1.4.18.1 are releases that only contain changes to fix these security vulnerabilities. In addition to fixes for these security issues, 1.4.19-rc3 and 1.6.0-beta6 contain a number of other bug fixes over the previous release candidates and beta releases for the upcoming 1.4.19 and 1.6.0 releases. We encourage all affected users of these security vulnerabilities to upgrade their installations as time permits. Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.19-rc2 Now Available
The Asterisk.org development team has released Asterisk 1.4.19-rc2. This is a test release for 1.4.19. The official 1.4.19 release will be made after a 1.4.19 release candidate goes through a few days of testing without finding any major regressions. This release contains one crash regression that was found during testing of 1.4.19-rc1. It also includes a number of other bug fixes, as well. This release is available for download as a tarball, as well as from svn. Please download and test this release and report any problems to http://bugs.digium.com/. Release tarballs can be found here: http://downloads.digium.com/pub/telephony/asterisk/releases/ Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.6.0-beta5 Now Available
Greetings, The Asterisk.org development team has released Asterisk 1.6.0-beta5. As of this beta of 1.6.0, 1.6.0 is now feature frozen. In addition to a number of bug fixes, the following new features have been added since beta4: * The SMDI interface in Asterisk has been reworked to fix a number of issues as well as add some new features. SMDI message information is now accessed in the dialplan using some new dialplan functions. New options have been added to map Asterisk voicemail boxes to SMDI station IDs. Also, MWI will now properly be sent for systems that have some external interface modifying voicemail boxes, such as a web interface, or with an email client in the case of IMAP storage. * The Postgres CDR module now supports some of the features of cdr_adaptive_odbc. Specifically, you may add additional columns into the table and they will be set, if you set the corresponding CDR variable name. Also, if you omit columns in your database table, those fields will be silently skipped when inserting the record. * The ResetCDR application now has an 'e' option that re-enables the CDR if it has been disabled using the NoCDR option. * A new CLI command, "devstate change", has been added which allows you to change the state of a Custom device. Custom device states were previously only settable by using the DEVICE_STATE() dialplan function. * The Originate manager action now has its own permission level called originate. Also, if you want this action to be able to execute applications that call out to a subshell, it requires the system privilege, as well. These changes were made to enhance the security of the manager interface. For a full list of features that have been introduced from Asterisk 1.4 to Asterisk 1.6.0, see the following file: * http://svn.digium.com/view/asterisk/branches/1.6.0/CHANGES?view=markup For a full list of changes to Asterisk 1.6.0 from beta4 to beta5, see the ChangeLog: * http://svn.digium.com/view/asterisk/tags/1.6.0-beta5/ChangeLog?view=markup There are a few more issues to resolve in 1.6.0 before it can enter release candidate status, but we expect that to happen relatively soon. Thank you for your continued support of Asterisk! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.19-rc1 Now Available
Greetings, The Asterisk.org development team has released Asterisk 1.4.19-rc1. This is a test release for 1.4.19. The official 1.4.19 release will be made after a 1.4.19 release candidate goes through a few days of testing without finding any major regressions. This release is available for download as a tarball, as well as from svn. Please download and test this release and report any problems to http://bugs.digium.com/. Release tarballs can be found here: * http://downloads.digium.com/pub/telephony/asterisk/releases/ Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] codec_g729-v34 Builds Now Available
Greetings, The software G.729 codec module from Digium has been updated for all platforms. There are x86_32 and x86_64 versions optimized for specific processors available for both Asterisk 1.6 and 1.4 for the following platforms. * Linux * Solaris 10 * FreeBSD 7.0 * FreeBSD 6.1 Changes: * For Asterisk trunk / 1.6, builds have been updated for CLI API changes. * All non-Linux builds for both 1.4 and 1.6 have been updated for various API changes. * All of the Linux builds include changes so that an Ethernet interface explicitly named eth0, or eth1, etc., is no longer required. All of the builds are available from the following URL: * http://downloads.digium.com/pub/telephony/codec_g729/ Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.6.0-beta2 Released
The Asterisk.org development team has released Asterisk-addons version 1.6.0-beta2. This release contains the following improvement, along with some other minor bug fixes. - 11614, Updated app_fax to allow termination and origination of faxes over T.38 The full list of changes is available in the ChangeLog. The release is available for download from http://downloads.digium.com. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.6.0-beta4 Released
The Asterisk.org development team has released version 1.6.0-beta4. Here are some highlights from the changes, with the associated issue numbers from bugs.digium.com if an issue was associated with the change. This release contains the following improvements: - 12020, a CLI formatting improvement - 11964, added the ability to get the original called number on SS7 calls - 11873, Added core API changes to handle T.38 origination and termination (The version of app_fax in Asterisk-addons now supports this.) - 11553, Added a status variable to the ChannelRedirect() application The changes in this release include fixes for the following issues (trivial and minor issues not included): - 11960, a crash in chan_sip - 12021, a crash related to invalid formats being specified for voicemail - 11779, fix enabling echo cancellation for incoming SS7 calls - 11740, DTMF handling fixes - 11864, Fixed device state reporting on incoming calls on FXO - 12012, a crash in chan_local - Fix a regression in codec handling that was introduced in 1.6.0-beta3 A full list of changes can be found in the ChangeLog. This release is available for immediate download from http://downloads.digium.com/. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.4.6 Released
The Asterisk.org development team has released Asterisk-addons version 1.4.6. This releases includes a fix for a build related issue for the OOH323 channel driver. (issue #9643) Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.24 and 1.4.9 Released
The Asterisk.org development team has released Zaptel versions 1.2.24 and 1.4.9. Zaptel 1.2.24 Highlights * Linux kernel 2.6.24 compatibility * New module parameters for tuning VPMADT032 echo canceller modules * Improved interrupt handling in the wcte12xp driver Zaptel 1.4.9 Highlights * Linux kernel 2.6.24 compatibility * New module parameters for tuning VPMADT032 echo canceller modules * Improved interrupt handling in the wcte12xp driver * Fixed TX/RX stream naming in ztmonitor * Report battery loss on analog FXO ports as a channel alarm (only usable in Asterisk 1.6/trunk) * Added optional ring detection method to better support UK CallerID reception Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.6.0-beta3 Released
The Asterisk.org development team has released Asterisk-1.6.0-beta3. This release contains a number of bug fixes over beta2, as well as a few new features. * Added an 'n' option to SpeechBackground to request that the channel not get answered * Added a number of new manager actions to improve configuration management over the Asterisk Manager Interface, including the ability to: - List the categories in a file - Get the contents of a single category - Empty a single category - Create a new configuration file - Delete a line by line number with respect to the category - Inserting variables and categories at a specified line - Inserting categories above an existing category - Added a false condition to the GotoIfTime application - Added a new manager event for IAX2 jitterbuffer statistics Thank you very much to everyone that has participated in testing Asterisk 1.6 so far. The results have been very good! Please continue to help test this release so that the official 1.6.0 can come along soon. Thank you very much for your support. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.18 Released
The Asterisk development team has released Asterisk version 1.4.18. In response to a community request, in preparation for this release, the development community held a release candidate period before making the official release. Multiple people tested it out and reported issues. The release candidate process was definitely a success for this release, and we will continue to do it for future Asterisk 1.4 releases. To see what changes have been made since the last release, see the ChangeLog here: http://svn.digium.com/view/asterisk/tags/1.4.18/ChangeLog?view=markup The release is available for immediate download from http://downloads.digium.com/. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.18-rc4 Now Available
Asterisk 1.4.18-rc4 is now available. This release candidate includes an important fix for a regression related to the use of codec_g729 that caused decoders to not get properly released. Additional fixes added today that are included in this release candidate include: - fixes for some locking errors in chan_agent - a memory leak related to the use of AMI redirect - Solaris compatibility fixes - a fix related to call recordings from Monitor getting deleted before being mixed if a blind transfer is done from a Queue. Thanks to everyone that has jumped on to help out with testing of release candidates! It has already been extremely helpful. This release candidate is published for anyone that is interested in helping to test it for a couple of days before it is officially released. To download the release candidate, use the following svn command: $ svn co http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc4 If you would like it in tarball format, use the following commands: $ svn export http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc4 $ tar -czvf asterisk-1.4.18-rc4.tar.gz asterisk-1.4.18-rc4/ Thanks! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.18-rc3 Now Available
Asterisk 1.4.18-rc3 is now available. The important bug fixes that made it into this RC are a couple of crash fixes for ChanSpy/MixMonitor. A few other less severe bug fixes made it in, as well. This release candidate is published for anyone that is interested in helping to test it for a couple of days before it is officially released. To download the release candidate, use the following svn command: $ svn co http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc3 If you would like it in tarball format, use the following commands: $ svn export http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc3 $ tar -czvf asterisk-1.4.18-rc3.tar.gz asterisk-1.4.18-rc3/ Thanks! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.18-rc2 Now Available
Asterisk 1.4.18-rc2 is now available. One of the developers made a change to chan_sip that they wanted to get in to this release. A few other bug fixes were added, as well. This release candidate is published for anyone that is interested in helping to test it for a couple of days before it is officially released. To download the release candidate, use the following svn command: $ svn co http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc2 If you would like it in tarball format, use the following commands: $ svn export http://svn.digium.com/svn/asterisk/tags/1.4.18 asterisk-1.4.18-rc2 $ tar -czvf asterisk-1.4.18-rc2.tar.gz asterisk-1.4.18-rc2/ Thanks! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.6.0-beta2 and 1.4.18-rc1 Now Available
The Asterisk development team has released versions 1.6.0-beta2 and and 1.4.18-rc1. The new beta for 1.6 is available for download from http://downloads.digium.com/. The release candidate for 1.4.18 is only available via svn. It is available for anyone that would like to help test 1.4.18 over the next couple of days before it gets officially released. To download the 1.4.18 release candidate: $ svn co http://svn.digium.com/svn/asterisk/tags/1.4.18 1.4.18-rc1 To make a tarball out of the previous checkout, do: $ svn export 1.4.18-rc1 asterisk-1.4.18-rc1 $ rm -rf 1.4.18-rc1 $ tar -czvf asterisk-1.4.18-rc1.tar.gz asterisk-1.4.18-rc1/ Please report any issues to http://bugs.digium.com/. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.6.0-beta1 released
The Asterisk.org development team has published Asterisk version 1.6.0-beta1. Everyone is encouraged to help test Asterisk 1.6, so that the release may be available soon. Asterisk 1.6 will be the first major release of Asterisk since 1.4, which was released just over one year ago. This release contains a number of new features, as well as architectural improvements for improved performance. A list of the new features is available in the CHANGES file: http://svn.digium.com/view/asterisk/tags/1.6.0-beta1/CHANGES?view=co Asterisk 1.6 also brings about a new release management style. This release management policies have been changed for Asterisk 1.6 to account for some of the things we have learned while maintaining Asterisk 1.2 and 1.4 in the past. For more information on the new release management policy, see the following thread on the asterisk-dev mailing list: http://lists.digium.com/pipermail/asterisk-dev/2007-October/030083.html The support levels for Asterisk 1.2 and 1.4 will not change in the near future. There are no current plans as to when the support of those releases will change. Those decisions will be made as a result of discussions in the developer community when the time comes, and a public announcement will be made with plenty of advance notice before anything changes. Thank you for the support, and we look forward to your feedback on this release! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.23 and 1.4.8 released
The Asterisk.org development team has released Zaptel versions 1.2.23 and 1.4.8. These releases contain a number of bug fixes as well as new features, including: * New and greatly improved fxotune utility - http://lists.digium.com/pipermail/asterisk-users/2008-January/203778.html * Full support for new Digium cards, TE120P, TE121P, TE122P * DTMF generator updates allow tones to be generated at runtime, as well as support for a DTMF "twist", on a per-zone basis. The tones for Brazil have been updated to include a 2 dB DTMF twist. These releases are available for immediate download from http://downloads.digium.com/. Thank you for your support! ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.17 Released
The Asterisk.org development team has released Asterisk version 1.4.17. This release contains a fix for a SIP security issue, as well as a number of other bug fixes. The security issue is documented in the published security advisory, AST-2008-001. The vulnerability allows an attacker to cause a crash in the SIP channel driver with a properly crafted transfer. This issue requires an authenticated session that allows transfers to be exploited. If unauthenticated calls with transfer capability are allowed, then this issue could be exploited with an unauthenticated session. Also, this issue only affects Asterisk 1.4. Asterisk 1.2 is not affected. Systems that do not use chan_sip are also not affected. The security advisory is available at http://downloads.digium.com/pub/security/AST-2008-001.pdf. The release is available for immediate download from http://downloads.digium.com/pub/telephony/asterisk/. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.16 and 1.2.26 released
The Asterisk.org development team has released Asterisk versions 1.4.16 and 1.2.26. Both releases contain a fix for a security vulnerability. The 1.4.16 release also contains a number of other bug fixes made over the past few weeks. The details of the security issue have been published in a security advisory: http://downloads.digium.com/pub/security/AST-2007-027.pdf The issue affects users of the dynamic realtime configuration method for IAX2 or SIP that use host based authentication. Systems that do not use host based authentication with realtime are not affected. A full list of changes is available in the ChangeLog, which is distributed with the release and is also available on the downloads page. http://downloads.digium.com/pub/telephony/asterisk/ChangeLog-1.4.16 The releases are available for immediate download from http://downloads.digium.com/. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.22.1 and 1.4.7.1 released
The Asterisk.org development team has released Zaptel versions 1.2.22.1 and 1.4.7.1. These releases contain one small change and are otherwise the same as 1.2.22 and 1.4.7. The change is to support the new TE122 card from Digium. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Libpri 1.2.7 and 1.4.3 released
The Asterisk.org development team has released Libpri versions 1.2.7 and 1.4.3. These releases fix one small compilation error that occurred with the newest release of glibc. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] v33 of codec_g729a released
Version 33 of codec_g729a for Asterisk 1.4 has been released. This release is a compatibility update to work with the latest version of Asterisk. Users of this module upgrading to Asterisk 1.4.15 will need to upgrade to this version of codec_g729a. The module is available for download at the following location: http://downloads.digium.com/pub/telephony/codec_g729/asterisk-1.4/ Thank you! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.4.5 Released
The Asterisk.org development team has released Asterisk-addons version 1.4.5. This release contains a few bug fixes, but is required for compatibility with the latest version of Asterisk, 1.4.15. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.14 Released
The Asterisk Development Team has released Asterisk version 1.4.14. This is a regular maintenance release that contains numerous bug fixes across the entire code base. A ChangeLog that lists all changes that were made is available with the release. http://svn.digium.com/view/asterisk/tags/1.4.14/README?view=markup The release is available on downloads.digium.com. It is also available as a patch against the previous release. http://downloads.digium.com/pub/telephony/asterisk/ Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application
Asterisk Project Security Advisory - AST-2007-024 ++ | Product | Zaptel| |+---| | Summary | Potential buffer overflow from command line | || application "sethdlc" | |+---| | Nature of Advisory | Buffer overflow | |+---| | Susceptibility | Local sessions| |+---| | Severity | None | |+---| | Exploits Known | None | |+---| |Reported On | October 31, 2007 | |+---| |Reported By | Michael Bucko | |+---| | Posted On | October 31, 2007 | |+---| | Last Updated On | November 1, 2007 | |+---| | Advisory Contact | Mark Michelson | |+---| | CVE Name | CVE-2007-5690 | ++ ++ | Description | This advisory is a response to a false security | | | vulnerability published in several places on the | | | Internet. Had Asterisk's developers been notified prior | | | to its publication, there would be no need for this. | | | | | | There is a potential for a buffer overflow in the| | | sethdlc application; however, running this application | | | requires root access to the server, which means that | | | exploiting this vulnerability gains the attacker no more | | | advantage than what he already has. As such, this is a | | | bug, not a security vulnerability. | ++ ++ | Resolution | The copy of the user-provided argument to the buffer has | || been limited to the length of the buffer. This fix has| || been committed to the Zaptel 1.2 and 1.4 repositories,| || but due to the lack of severity, new releases will not be | || immediately made. | || | || While we appreciate this programming error being brought | || to our attention, we would encourage security researchers | || to contact us prior to releasing any reports of their | || own, both so that we can fix any vulnerability found | || prior to the release of an announcement, as well as | || avoiding these types of mistakes (and the potential | || embarrassment of reporting a vulnerability that wasn't) | || in the future.| ++ ++ | Affected Versions| || | Product | Release Series | | |-++-| | Zaptel | 1.2.x | All versions prior to 1.2.22| |-++-| | Zaptel | 1.4.x | All versio
[asterisk-users] AST-2007-023: SQL Injection vulnerability in cdr_addon_mysql
Asterisk Project Security Advisory - AST-2007-023 ++ | Product | Asterisk-Addons | |+---| | Summary | SQL Injection Vulnerability in cdr_addon_mysql| |+---| | Nature of Advisory | SQL Injection | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Minor | |+---| | Exploits Known | Yes | |+---| |Reported On | October 16, 2007 | |+---| |Reported By | Humberto Abdelnur| |+---| | Posted On | October 16, 2007 | |+---| | Last Updated On | October 16, 2007 | |+---| | Advisory Contact | Tilghman Lesher| |+---| | CVE Name | CVE-2007-5488 | ++ ++ | Description | The source and destination numbers for a given call are | | | not correctly escaped by the cdr_addon_mysql module when | | | inserting a record. Therefore, a carefully crafted | | | destination number sent to an Asterisk system running| | | cdr_addon_mysql could escape out of a SQL data field and | | | create another query. This vulnerability is made all the | | | more severe if a user were using realtime data, since| | | the data may exist in the same database as the inserted | | | call detail record, thus creating all sorts of possible | | | data corruption and invalidation issues. | ++ ++ | Resolution | The Asterisk-addons package is not distributed with | || Asterisk, nor is it installed by default. The module may | || be either disabled or upgraded to fix this issue. | ++ ++ | Affected Versions| || | Product| Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| All versions | |--+-+---| | Asterisk Open Source |1.2.x| All versions prior to | | | | asterisk-addons-1.2.8 | |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | asterisk-addons-1.4.4 | |--+-+---| | Asterisk Business |A.x.x| Unaffected| | Edition| | | |--+-+---| | Asterisk Business |B.x.x| Unaffected| | Edition| | | |--+-+---| | AsteriskNOW | pre-release | Unaffected| |--+-
[asterisk-users] AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql
Asterisk Project Security Advisory - AST-2007-023 ++ | Product | Asterisk-Addons | |+---| | Summary | SQL Injection Vulnerability in cdr_addon_mysql| |+---| | Nature of Advisory | SQL Injection | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Minor | |+---| | Exploits Known | Yes | |+---| |Reported On | October 16, 2007 | |+---| |Reported By | Humberto Abdelnur| |+---| | Posted On | October 16, 2007 | |+---| | Last Updated On | October 16, 2007 | |+---| | Advisory Contact | Tilghman Lesher| |+---| | CVE Name | CVE-2007-5488 | ++ ++ | Description | The source and destination numbers for a given call are | | | not correctly escaped by the cdr_addon_mysql module when | | | inserting a record. Therefore, a carefully crafted | | | destination number sent to an Asterisk system running| | | cdr_addon_mysql could escape out of a SQL data field and | | | create another query. This vulnerability is made all the | | | more severe if a user were using realtime data, since| | | the data may exist in the same database as the inserted | | | call detail record, thus creating all sorts of possible | | | data corruption and invalidation issues. | ++ ++ | Resolution | The Asterisk-addons package is not distributed with | || Asterisk, nor is it installed by default. The module may | || be either disabled or upgraded to fix this issue. | ++ ++ | Affected Versions| || | Product| Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| All versions | |--+-+---| | Asterisk Open Source |1.2.x| All versions prior to | | | | asterisk-addons-1.2.8 | |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | asterisk-addons-1.4.4 | |--+-+---| | Asterisk Business |A.x.x| Unaffected| | Edition| | | |--+-+---| | Asterisk Business |B.x.x| Unaffected| | Edition| | | |--+-+---| | AsteriskNOW | pre-release | Unaffected| |--+-
[asterisk-users] Asterisk-addons 1.2.8 and 1.4.4 released
The Asterisk development team has released versions 1.2.8 and 1.4.4 of Asterisk-addons. This release contains a fix for a security vulnerability in the cdr_addon_mysql module. This module is vulnerable to SQL injection. See the details on the security issue in the published advisory: http://downloads.digium.com/pub/asa/AST-2007-023.pdf Only systems that use this module for logging CDR records are vulnerable to the problem. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] AST-2007-022: Buffer overflows in voicemail when using IMAP storage
Asterisk Project Security Advisory - AST-2007-022 ++ | Product | Asterisk | |+---| | Summary | Buffer overflows in voicemail when using IMAP | || storage | |+---| | Nature of Advisory | Remotely and locally exploitable buffer overflows | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Minor | |+---| | Exploits Known | No| |+---| |Reported On | October 9, 2007 | |+---| |Reported By | Russell Bryant <[EMAIL PROTECTED]> | || | || Mark Michelson <[EMAIL PROTECTED]>| |+---| | Posted On | October 9, 2007 | |+---| | Last Updated On | October 10, 2007 | |+---| | Advisory Contact | Mark Michelson <[EMAIL PROTECTED]>| |+---| | CVE Name | | ++ ++ | Description | The function "sprintf" was used heavily throughout the | | | IMAP-specific voicemail code. After auditing the code, | | | two vulnerabilities were discovered, both buffer | | | overflows. | | | | | | The following buffer overflow required write access to | | | Asterisk's configuration files in order to be exploited. | | | | | | 1) If a combination of the astspooldir (set in | | | asterisk.conf), the voicemail context, and voicemail | | | mailbox, were very long, then there was a buffer | | | overflow when playing a message or forwarding a message | | | (in the case of forwarding, the context and mailbox in | | | question are the context and mailbox that the message| | | was being forwarded to). | | | | | | The following buffer overflow could be exploited | | | remotely.| | | | | | 2) If any one of, or any combination of the Content-type | | | or Content-description headers for an e-mail that| | | Asterisk recognized as a voicemail message contained | | | more than a 1024 characters, then a buffer would | | | overflow while listening to a voicemail message via a| | | telephone. It is important to note that this did NOT | | | affect users who get their voicemail via an e-mail | | | client. | ++ ++ | Resolution | "sprintf" calls have been changed to "snprintf" wherever | || space was not specifically allocated to the buffer prior | || to the sprintf call. This includes places which are not | || currently prone to buffer overflows. | +
[asterisk-users] Asterisk 1.4.13 Released
The Asterisk Development Team has released version 1.4.13. This release fixes a couple of security issues in the implementation of IMAP storage for voicemail. One of the issues is remotely exploitable. Any systems that do not use IMAP storage for voicemail are not affected by these issues. For more details on this issue, see the Asterisk security advisory here: * http://downloads.digium.com/pub/asa/AST-2007-022.pdf This release also contains some other bug fixes that have been merged in the past week or so. The other fixes include resolutions for a few different deadlocks, a couple of problems in res_jabber, chan_sip and RTP fixes, and a few more minor issues. See the ChangeLog for a full listing of the changes: * http://downloads.digium.com/pub/telephony/asterisk/ChangeLog-1.4.13 Thank you very much for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.12 and Asterisk-addons 1.4.3 released
The Asterisk Development Team has announced the releases of Asterisk 1.4.12 and Asterisk-addons 1.4.3. The Asterisk-addons release contains just a few fixes for the modules in that package, but the Asterisk release contains a large number of bug fixes for all parts of Asterisk. There are many areas that have been significantly improved by various fixes. Those include the IAX2 channel driver, Queues, timezone handling, AEL, the Manager Interface, MeetMe, AGI, the SIP channel driver, Music on Hold, Jabber, the Gtalk channel driver, and more. The listing of all changes made in these releases can be seen in the ChangeLog: http://svn.digium.com/view/asterisk/tags/1.4.12/ChangeLog?view=markup http://svn.digium.com/view/asterisk-addons/tags/1.4.3/ChangeLog?view=markup The releases are immediately available for download from http://downloads.digium.com/pub/telephony/asterisk/. Thank you very much for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage
Asterisk Project Security Advisory - AST-2007-021 ++ | Product | Asterisk | |+---| | Summary | Crash from invalid/corrupted MIME bodies when | || using voicemail with IMAP storage | |+---| | Nature of Advisory | Crash | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | minor | |+---| | Exploits Known | No| |+---| |Reported On | August 23, 2007 | |+---| |Reported By | Kevin Stewart | |+---| | Posted On | August 24, 2007 | |+---| | Last Updated On | August 24, 2007 | |+---| | Advisory Contact | Mark Michelson <[EMAIL PROTECTED]>| |+---| | CVE Name |CVE-2007-4521 | ++ ++ | Description | If Asterisk is configured to use IMAP as its backend | | | storage for voicemail, then an e-mail sent to a user | | | with an invalid/corrupted MIME body will cause Asterisk | | | to crash when the user listens to their voicemail using | | | the phone. | | | | | | This does not affect any other voicemail storage option, | | | nor does it affect users who check their voicemail via | | | e-mail when using IMAP storage. | ++ ++ | Resolution | Since this is a minor issue, a new release is not | || immediately planned. However, the issue will be fixed in | || Asterisk Open Source version 1.4.12 when it is released. | ++ ++ | Affected Versions| || |Product | Release | | || Series| | |+-+-| | Asterisk Open Source |1.0.x| Not Affected| |+-+-| | Asterisk Open Source |1.2.x| Not Affected| |+-+-| | Asterisk Open Source |1.4.x| Versions 1.4.5 - 1.4.11 | |+-+-| | Asterisk Business Edition|A.x.x| Not Affected| |+-+-| | Asterisk Business Edition|B.x.x| Not Affected| |+-+-| | AsteriskNOW | pre-release | Not Affected| |+-+-| | Asterisk Appliance Developer |0.x.x| Not Affected| | Kit | | | |+-+-| | s800i (Asteris
[asterisk-users] AST-2007-020: Resource Exhaustion vulnerability in SIP channel driver
Asterisk Project Security Advisory - AST-2007-020 ++ | Product | Asterisk | |+---| | Summary | Resource Exhaustion vulnerability in SIP channel | || driver| |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Moderate | |+---| | Exploits Known | No| |+---| |Reported On | August 9, 2007| |+---| |Reported By | Jon Moldenauer (bugs.digium.com user | || jmoldenhauer) | |+---| | Posted On | August 21, 2007 | |+---| | Last Updated On | August 21, 2007 | |+---| | Advisory Contact | Russell Bryant <[EMAIL PROTECTED]> | |+---| | CVE Name | CVE-2007-4455 | ++ ++ | Description | The handling of SIP dialog history was broken during the | | | development of Asterisk 1.4. Regardless of whether | | | recording SIP dialog history is turned on or off, the| | | history is still recorded in memory. Furthermore, there | | | is no upper limit on how many history items will be | | | stored for a given SIP dialog. | | | | | | It is possible for an attacker to use up all of the | | | system's memory by creating a SIP dialog that records| | | many entires in the history and never ends. It is also | | | worth noting for the sake of doing the math to calculate | | | what it would take to exploit this that each SIP history | | | entry will take up a maximum of 88 bytes.| ++ ++ | Resolution | The fix that has been added to chan_sip is to restore the | || functionality where SIP dialog history is not recorded in | || memory if it is not enabled. Furthermore, a maximum of 50 | || entires in the history will be stored for each dialog | || when recording history is turned on. | || | || The only way to avoid this problem in affected versions | || of Asterisk is to disable chan_sip. If chan_sip is being | || used, the system must be upgraded to a version that has | || this issue resolved. | ++ ++ | Affected Versions| || | Product | Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| Not affected | |--+-+---| | Asterisk Open Source |1.2.x| Not affected | |-
[asterisk-users] Asterisk 1.4.11 released
The Asterisk development team has released version 1.4.11. This version contains numerous bug fixes. One of these is for a security issue in chan_sip. The issue is that SIP dialog history was being stored in memory regardless if the option for this was turned on or off. This could be abused to cause a system using chan_sip to run out of memory. The security issue is documented in AST-2007-020. Affected systems include any that are using chan_sip. Also, only Asterisk 1.4 is affected. Asterisk 1.2 is not vulnerable to this issue. * http://downloads.digium.com/pub/asa/AST-2007-020.pdf The name prefix for our security advisories has been changed from ASA to AST. The ASA scheme was already in use by another company before we started using it. This release is available for download from http://downloads.digium.com/pub/telephony/asterisk/. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.24 and 1.4.10 released
The Asterisk development team has released Asterisk versions 1.2.24 and 1.4.10. Version 1.2.24 is the final 1.2 release that contains normal bug fixes. The 1.2 branch will only be maintained with security fix releases from now until it is completely deprecated. Version 1.4.10 contains numerous bug fixes for things all over Asterisk, as well as a fix for a security issue. The security issue only affects users of chan_skinny and is documented in ASA-2007-019. http://downloads.digium.com/pub/asa/ASA-2007-019.pdf Another set of noteworthy changes in version 1.4.10 include many fixes for the IAX2 channel driver. Special recognition goes out to the developers over at Wimba (http://www.wimba.com/) for their dedication to tracking down numerous complicated issues in the 1.4 version of chan_iax2. Thank you very much Mihai, Steve, and Pete! These releases are available for download from the following location: http://downloads.digium.com/pub/telephony/asterisk/ Thank you very much for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] ASA-2007-019: Remote crash vulnerability in Skinny channel driver
Asterisk Project Security Advisory - ASA-2007-019 ++ | Product | Asterisk | |+---| | Summary | Remote crash vulnerability in Skinny channel | || driver| |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Authenticated Sessions | |+---| | Severity | Moderate | |+---| | Exploits Known | No| |+---| |Reported On | August 7, 2007| |+---| |Reported By | Wei Wang of McAfee AVERT Labs | |+---| | Posted On | August 7, 2007| |+---| | Last Updated On | August 7, 2007| |+---| | Advisory Contact | Jason Parker <[EMAIL PROTECTED]> | |+---| | CVE Name | | ++ ++ | Description | The Asterisk Skinny channel driver, chan_skinny, has a | | | remotely exploitable crash vulnerability. A segfault can | | | occur when Asterisk receives a | | | "CAPABILITIES_RES_MESSAGE" packet where the capabilities | | | count is greater than the total number of items in the | | | capabilities_res_message array. Note that this requires | | | an authenticated session.| ++ ++ | Resolution | Asterisk code has been modified to limit the incoming | || capabilities count. | || | || Users with configured Skinny devices should upgrade to| || the appropriate version listed in the corrected in| || section of this advisory. | ++ ++ | Affected Versions| || | Product | Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| Not affected | |--+-+---| | Asterisk Open Source |1.2.x| Not affected | |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | 1.4.10| |--+-+---| |Asterisk Business Edition |A.x.x| Not affected | |--+-+---| |Asterisk Business Edition |B.x.x| Not affected | |--+-+---| | AsteriskNOW| pre-release | All versions prior to | | | | beta7 | |--+-+---| | Asterisk App
[asterisk-users] Asterisk 1.2.23 and 1.4.9 released
The Asterisk development team has released Asterisk versions 1.2.23 and 1.4.9. These releases contain bug fixes, including one for a security vulnerability. The vulnerability is a potential Denial of Service attack when the Asterisk IAX2 channel driver is configured to allow unauthenticated calls. We have released an Asterisk Security Advisory for the vulnerability. The current version of the advisory can be downloaded from the ftp site. http://ftp.digium.com/pub/asa/ASA-2007-018.pdf * Affected systems include all Asterisk installations running an affected version that allow unauthenticated IAX2 calls. Affected open source versions include 1.2.20 through 1.2.22, and 1.4.5 through 1.4.8. All users that have systems that meet the criteria listed above should upgrade as soon as possible. Thank you very much for your support. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] ASA-2007-018: Resource Exhaustion vulnerability in IAX2 channel driver
Asterisk Project Security Advisory - ++ | Product | Asterisk | |+---| | Summary | Resource Exhaustion vulnerability in IAX2 channel | || driver| |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Moderate | |+---| | Exploits Known | No| |+---| |Reported On | July 19, 2007 | |+---| |Reported By | Russell Bryant, Digium, Inc. <[EMAIL PROTECTED]> | |+---| | Posted On | July 23, 2007 | |+---| | Last Updated On | July 23, 2007 | |+---| | Advisory Contact | Russell Bryant <[EMAIL PROTECTED]> | |+---| | CVE Name | | ++ ++ | Description | The IAX2 channel driver in Asterisk is vulnerable to a | | | Denial of Service attack when configured to allow| | | unauthenticated calls. An attacker can send a flood of | | | NEW packets for valid extensions to the server to| | | initiate calls as the unauthenticated user. This will| | | cause resources on the Asterisk system to get allocated | | | that will never go away. Furthermore, the IAX2 channel | | | driver will be stuck trying to reschedule| | | retransmissions for each of these fake calls for | | | forever. This can very quickly bring down a system and | | | the only way to recover is to restart Asterisk. | | | | | | Detailed Explanation:| | | | | | Within the last few months, we made some changes to | | | chan_iax2 to combat the abuse of this module for traffic | | | amplification attacks. Unfortunately, this has caused an | | | unintended side effect. | | | | | | The summary of the change to combat traffic | | | amplification is this. Once you start the PBX on the | | | Asterisk channel, it will begin receiving frames to be | | | sent back out to the network. We delayed this from | | | happening until a 3-way handshake has occurred to help | | | ensure that we are talking to the IP address the | | | messages appear to be coming from. | | | | | | When chan_iax2 accepts an unauthenticated call, it | | | immediately creates the ast_channel for the call.| | | However, since the 3-way handshake has not been | | | completed, the PBX is not started on this channel. | | | | | | Later, when the maximum number of retries have been | | | exceeded on responses to this NEW, the code tries to | | | hang up the call. Now, it has 2 ways to do this, | | | depending on if there i
[asterisk-users] ASA-2007-017: Remote crash vulnerability in STUN implementation
Asterisk Project Security Advisory - ASA-2007-017 ++ | Product | Asterisk | |+---| | Summary | Remote Crash Vulnerability in STUN implementation | |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Critical | |+---| | Exploits Known | No| |+---| |Reported On | July 13, 2007 | |+---| |Reported By | Will Drewry, Google Security Team | |+---| | Posted On | July 17, 2007 | |+---| | Last Updated On | July 17, 2007 | |+---| | Advisory Contact | Joshua Colp <[EMAIL PROTECTED]>| |+---| | CVE Name | CVE-2007-3765 | ++ ++ | Description | The Asterisk STUN implementation in the RTP stack has a | | | remotely exploitable crash vulnerability. A pointer may | | | run past accessible memory if Asterisk receives a| | | specially crafted STUN packet on an active RTP port. | | | | | | The code that parses the incoming STUN packets | | | incorrectly checks that the length indicated in the STUN | | | attribute and the size of the STUN attribute header does | | | not exceed the available data. This will cause the data | | | pointer to run past accessible memory and when accessed | | | will cause a crash. | ++ ++ | Resolution | All users that have chan_sip, chan_gtalk, chan_jingle,| || chan_h323, chan_mgcp, or chan_skinny enabled on an| || affected version should upgrade to the appropriate| || version listed in the correct in section of this | || advisory. | ++ ++ | Affected Versions| || | Product | Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| None affected | |--+-+---| | Asterisk Open Source |1.2.x| None affected | |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | 1.4.8 | |--+-+---| |Asterisk Business Edition |A.x.x| None affected | |--+-+---| |Asterisk Business Edition |B.x.x| None affected | |--+-+---| | AsteriskNOW| pre-release | All versions prior to | |
[asterisk-users] ASA-2007-016: Remote crash vulnerability in Skinny channel driver
Asterisk Project Security Advisory - ASA-2007-016 ++ | Product | Asterisk | |+---| | Summary | Remote crash vulnerability in Skinny channel | || driver| |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Critical | |+---| | Exploits Known | No| |+---| |Reported On | July 13, 2007 | |+---| |Reported By | Will Drewry, Google Security Team | |+---| | Posted On | July 17, 2007 | |+---| | Last Updated On | July 17, 2007 | |+---| | Advisory Contact | Jason Parker <[EMAIL PROTECTED]> | |+---| | CVE Name | CVE-2007-3764 | ++ ++ | Description | The Asterisk Skinny channel driver, chan_skinny, has a | | | remotely exploitable crash vulnerability. A segfault can | | | occur when Asterisk receives a packet where the claimed | | | length of the data is between 0 and 3, followed by | | | length + 4 or more bytes, due to an overly large memcpy. | | | The side effects of this extremely large memcpy have not | | | been investigated. | ++ ++ | Resolution | All users that have chan_skinny enabled should upgrade to | || the appropriate version listed in the corrected in| || section of this advisory. As a workaround, users who do | || not require chan_skinny may add the line "noload => | || chan_skinny.so" (without quotes) to | || /etc/asterisk/modules.conf, and restart Asterisk. | ++ ++ | Affected Versions| || | Product | Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| All versions | |--+-+---| | Asterisk Open Source |1.2.x| All versions prior to | | | | 1.2.22| |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | 1.4.8 | |--+-+---| |Asterisk Business Edition |A.x.x| All versions | |--+-+---| |Asterisk Business Edition |B.x.x| All versions prior to | | | | B.2.2.1 | |--+-+---| | AsteriskNOW| pre-release | All versions prior to | |
[asterisk-users] ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-015 ++ | Product | Asterisk | |+---| | Summary | Remote Crash Vulnerability in IAX2 channel driver | |+---| | Nature of Advisory | Denial of Service | |+---| | Susceptibility | Remote Unauthenticated Sessions | |+---| | Severity | Critical | |+---| | Exploits Known | No| |+---| |Reported On | July 13, 2007 | |+---| |Reported By | Chris Clark and Zane Lackey, iSEC Partners| |+---| | Posted On | July 17, 2007 | |+---| | Last Updated On | July 17, 2007 | |+---| | Advisory Contact | Russell Bryant <[EMAIL PROTECTED]> | |+---| | CVE Name | CVE-2007-3763 | ++ ++ | Description | The Asterisk IAX2 channel driver, chan_iax2, has a | | | remotely exploitable crash vulnerability. A NULL pointer | | | exception can occur when Asterisk receives a LAGRQ or| | | LAGRP frame that is part of a valid session and includes | | | information elements. The session used to exploit this | | | issue does not have to be authenticated. It can simply | | | be a NEW packet sent with an invalid username. | | | | | | The code that parses the incoming frame correctly parses | | | the information elements of IAX frames. It then sets a | | | pointer to NULL to indicate that there is not a raw data | | | payload associated with this frame. However, it does not | | | set the variable that indicates the number of bytes in | | | the raw payload back to zero. Since the raw data length | | | is non-zero, the code handling LAGRQ and LAGRP frames| | | tries to copy data from a NULL pointer, causing a crash. | ++ ++ | Resolution | All users that have chan_iax2 enabled should upgrade to | || the appropriate version listed in the corrected in| || section of this advisory. | ++ ++ | Affected Versions| || | Product | Release | | | | Series| | |--+-+---| | Asterisk Open Source |1.0.x| All versions | |--+-+---| | Asterisk Open Source |1.2.x| All versions prior to | | | | 1.2.22| |--+-+---| | Asterisk Open Source |1.4.x| All versions prior to | | | | 1.4.8 | |--+-+---| |Asterisk Business Edition |A.x.x| All versions | |-
[asterisk-users] ASA-2007-014: Stack buffer overflow in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-014 ++ | Product| Asterisk| |--+-| | Summary| Stack buffer overflow in IAX2 channel driver| |--+-| | Nature of Advisory | Exploitable Stack Buffer Overflow | |--+-| |Susceptibility| Remote Unuthenticated Sessions | |--+-| | Severity | Critical| |--+-| |Exploits Known| No | |--+-| | Reported On | July 12, 2007 | |--+-| | Reported By | Russell Bryant, Digium, Inc.| |--+-| | Posted On | July 17, 2007 | |--+-| | Last Updated On| July 17, 2007 | |--+-| | Advisory Contact | Russell Bryant <[EMAIL PROTECTED]> | |--+-| | CVE Name | CVE-2007-3762 | ++ ++ | Description | The Asterisk IAX2 channel driver, chan_iax2, has a | | | remotely exploitable stack buffer overflow | | | vulnerability. It occurs when chan_iax2 is passed a | | | voice or video frame with a data payload larger than 4 | | | kB. This is exploitable by sending a very large RTP | | | frame to an active RTP port number used by Asterisk when | | | the other end of the call is an IAX2 channel. Exploiting | | | this issue can cause a crash or allow arbitrary code | | | execution on a remote machine. | | | | | | The specific conditions that trigger the vulnerability | | | are the following: | | | | | | * iax2_write() is called with a frame with the | | | following properties | | | | | |* a voice or video frame | | | | | |* Its 4-byte timestamp has the same high 2 bytes | | | as the previous frame that was sent | | | | | |* Its format is the one currently expected| | | | | |* Its data payload is larger than 4 kB| | | | | | iax2_write() calls iax2_send() to send the frame. Inside | | | of iax2_send(), there is a conditional check to | | | determine whether the frame should be sent immediately | | | (the now variable) or queued for transmission later. | | | | | | If the frame is going to be transmitted later, an| | | iax_frame struct is dynamically allocated with a data| | | buffer that has the exact buffer size needed to | | | accommodate for the provided ast_frame data. However, if | | | the frame is being sent immediately, it uses a stack | | | allocated iax_frame, with a data buffer size of 4096 | | | bytes. | | |
[asterisk-users] Critical Updates: Asterisk 1.2.22 and 1.4.8 released
The Asterisk development team has released Asterisk versions 1.2.22 and 1.4.8. These releases contain fixes for four critical security vulnerabilities. One of these vulnerabilities is a remotely exploitable stack buffer overflow, which could allow an attacker to execute arbitrary code on the target machine. The other three are all remotely exploitable crash vulnerabilities. We have released Asterisk Security Advisories for each of the vulnerabilities. The current version of each advisory can be downloaded from the ftp site. http://ftp.digium.com/pub/asa/ASA-2007-014.pdf * Affected systems include those that bridge calls between chan_iax2 and any channel driver that uses RTP for media http://ftp.digium.com/pub/asa/ASA-2007-015.pdf * Affected systems include any system that has chan_iax2 enabled http://ftp.digium.com/pub/asa/ASA-2007-016.pdf * Affected systems include any system that has chan_skinny enabled http://ftp.digium.com/pub/asa/ASA-2007-017.pdf * Affected systems include any 1.4 system that has any channel driver that uses RTP for media enabled All users that have systems that meet any of the criteria listed above should upgrade as soon as possible. Thank you very much for your support. ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.19 and 1.4.4 released
The Asterisk.org development team has announced the release of Zaptel versions 1.2.18 and 1.4.4. These releases are maintenance releases that fix various known issues. See the ChangeLog included in the releases for a full list of changes. The ChangeLogs are also available separately on the ftp site. Both releases are available as a tarball as well as a patch against the previous release. They are available for download from ftp.digium.com. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.21.1 and 1.4.7.1 released
The Asterisk development team has released Asterisk version 1.2.21.1 and 1.4.7.1. These releases are minor updates to the releases that were made yesterday to fix a couple of introduced issues. One issue was related to the ODBC realtime driver. Another was related to music on hold. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.21, 1.4.7 and Libpri 1.2.5, 1.4.1 released
The Asterisk development team is proud to announce a new batch of releases. There are new releases of Asterisk and Libpri for both the 1.2 and 1.4 series. The development team has been working especially hard on fixing bugs in our existing release branches. These releases are regular maintenance releases that include various bug fixes. The ChangeLog in each release tarball contains details on what bugs have been fixed. The contents of the ChangeLog can be viewed through our svn repository viewer. http://svn.digium.com/view/asterisk/tags/1.2.21/ChangeLog?view=markup http://svn.digium.com/view/asterisk/tags/1.4.7/ChangeLog?view=markup http://svn.digium.com/view/libpri/tags/1.2.5/ChangeLog?view=markup http://svn.digium.com/view/libpri/tags/1.4.1/ChangeLog?view=markup The releases are available for download from ftp.digium.com. They are available as both tarballs and patches against the previous release. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.20 and 1.4.6 released
The Asterisk development team is proud to announce the releases of versions 1.2.20 and 1.4.6! These releases are regular maintenance releases. They have been made just a couple of weeks after the previous set of releases because the development team has been working especially hard on fixing bugs lately. There has been a large volume of issues fixed in just two weeks. We would also like to continue to encourage the community to upgrade to the 1.4 series. There have been almost 100 changes to the 1.4 tree since the last release. Keep in mind that we are still planning to move the 1.2 series of Asterisk into security maintenance only beginning August 1st. Thank you for your support! ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.2.7 and 1.4.2 released
The Asterisk development team has announced the releases of Asterisk-addons 1.2.7 and 1.4.2. Version 1.2.7 contains some minor updates to the H323 channel driver that is in this package. Version 1.4.2 contains some additional bug fixes which include compatibility updates for Asterisk 1.4.5. These releases are available for download from ftp.digium.com. They are distributed as both tarballs and patches against the previous releases. Thank you for your support! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.19 and 1.4.5 released!
The Asterisk development team is proud to release Asterisk versions 1.2.19 and 1.4.5. There has been a very large number of bugs fixed since the last release, including crashes and other critical issues. There were 244 commits to the 1.4 source tree and 74 commits to the 1.2 source tree since the last set of releases. Also, keep in mind that the release branches are only changed to fix problems. In the same time frame, the development tree had 439 commits. There is a ChangeLog available in the tarball of each release with a complete list of changes. Keep in mind that the date for moving the 1.2 release series to security fix maintenance only will be coming within the next couple of months. We strongly encourage everyone to migrate to Asterisk 1.4. Don't forget to read the UPGRADE.txt file in 1.4 for important information regarding upgrading from 1.2. These releases are available for download from ftp.digium.com. They are distributed as both tarballs and patch sets against the previous releases. All release files have been signed with GPG keys from members of the Digium software development team to ensure authenticity. As always, thank you very much for your support! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.18 and 1.4.3 released!
The Asterisk and Zaptel development team is proud to announce the releases of Zaptel 1.2.18 and 1.4.3. This releases contains some updated hardware support as well as numerous bug fixes, including: * A fix for the potential for a rare deadlock between zaptel and the wct4xxp, wcte11xp, and wct1xxp drivers * Fixes for the VPM450M module on FC6 to correct a potential stack overflow scenario at load time. * Many updates to the Astribank driver These releases are available as both tarballs and patches against the previous releases. All files are available for download on ftp.digium.com. Thank you for your support! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk Release Maintenance News
Greetings Asterisk Enthusiasts, Last week, about 50 developers gathered in Atlanta, GA, USA at the Georgia Tech University's Information Security Center (GTISC) for a week of discussion about the future of Asterisk. One of the topics that came up was the future of the existing Asterisk release branches. Asterisk 1.2 was released in the Fall of 2005. At this time, Asterisk 1.0 was put into security maintenance, meaning that it only received changes to fix security issues, and not changes intended to fix less severe issues. Asterisk 1.4 was released in the Fall of 2006. At this time, Asterisk 1.0 became officially unsupported. However, we continued to fully maintain Asterisk 1.2. Now that Asterisk 1.4 has been out for about 5 months, we are taking steps toward moving Asterisk 1.2 to security maintenance only. We plan on aiming for this to happen on August 1st, 2007. What does this mean for you? It means that if you are using Asterisk 1.2, you should start considering a plan for upgrading your servers to Asterisk 1.4. Asterisk 1.2 is not going away anytime soon. You can expect that Asterisk 1.2 will be maintained for security issues until Asterisk 1.6 is released, and most likely longer than that. However, some time after Asterisk 1.6 is available, Asterisk 1.2 will become officially deprecated and no longer supported with fixes of any kind from the core Asterisk development community. We ask that you please work with us to help ensure that Asterisk 1.4 is a stable platform for your telephony needs. If you find a bug, please work with the development community to help get it resolved. After all, this is a community project! Remember, before creating a bug report on http://bugs.digium.com/, check to make sure there isn't already a report for the same problem. The development team is very dedicated to fixing bugs and maintaining feature frozen releases. Our maintenance of the Asterisk 1.2 series for over a year and a half is a testament to this. We are going to work very hard over the next couple of months to help ensure that Asterisk 1.4 is the best Asterisk release series yet. Thank you for your patience and understanding as we move forward with Asterisk development, and as always, thank you very much for your support! -- The Asterisk.org Development Team ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.4 Released
The Asterisk.org development team has released Asterisk version 1.4.4. A good number of significant bugs have been fixed in the past few days, so a new release was made to get these fixes to the community as soon as possible. Some of the fixes include: - Fix a crash in chan_zap - Fix some cases where IAX2 calls would get dropped - Merge a re-write of channel group counting support that fixes a lot of issues - Fix some DTMF issues related to the use of chan_agent - Fix a crash that occurs when using dialplan functions to set global variables As always, a ChangeLog is available that provides a full list of changes. The releases are available for download from ftp.digium.com. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.4.2.1 Released
The Asterisk.org development team has released Zaptel version 1.4.2.1. This release was made shortly after 1.4.2 to fix a bug in that build. This release contains a number of fixes and enhancements, including: - Added the ability to monitor pre-echo cancellation audio with ztmonitor - Fixed some places where there was the potential for memory corruption on SMP systems A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Zaptel 1.2.17.1 Released
The Asterisk.org development team has released Zaptel version 1.2.17.1. This release was made shortly after 1.2.17 to fix a bug in that build. This release contains a number of fixes and enhancements, including: - Added the ability to monitor pre-echo cancellation audio with ztmonitor - Fixed some places where there was the potential for memory corruption on SMP systems A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.4.1 Released
The Asterisk.org development team has released Asterisk-addons version 1.4.1. This release contains a large number of fixes, including: - Fix some memory leaks in res_config_mysql - Fix various issues in the OOH323 channel driver - Module updates to be compatible with the latest version of Asterisk 1.4. A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk-addons 1.2.6 Released
The Asterisk.org development team has released Asterisk-addons version 1.2.6. This release contains a large number of fixes, including: - Fix some memory leaks in res_config_mysql - Fix various issues in the OOH323 channel driver A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.4.3 Released
The Asterisk.org development team has released Asterisk version 1.4.3. This release contains a large number of fixes, including: - A recently published security vulnerability in the manager interface (ASA-2007-012) - Two recently published security vulnerabilities in the SIP channel driver (ASA-2007-010 and ASA-2007-011) A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.18 Released
The Asterisk.org development team has released Asterisk version 1.2.18. This release contains a large number of fixes, including: - A recently published security vulnerability in the manager interface (ASA-2007-012) - Another recently published security vulnerability in the SIP channel driver (ASA-2007-011) A full list of changes is available in the ChangeLog. Thank you for your support of Asterisk.org! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.12.1 and Zaptel 1.2.9.1 Released
Earlier this week 'refresh' releases of these two projects were put on our FTP servers, but due to some miscommunication on our end no announcements were sent out... so here they are :-) Asterisk 1.2.12.1 fixes one significant bug that was introduced after 1.2.10 but which hadn't been corrected yet when 1.2.12 was released (this bug is related to setting up transcoding paths between channels). It also fixes a small problem with the Page() dialplan application. Zaptel 1.2.9.1 fixes a problem with the fw2h tool that builds a header file for VPM450 firmware, and also corrects a packaging problem that caused the Octasic API kit to not be included in the 1.2.9 tarball. As always, these releases are on our FTP servers in tarball and patch form (although the patch form of the Zaptel update is unlikely to apply properly given the number of files that were moved around in the source tree) and signed with our GPG keys. Thanks for using and supporting Asterisk and Zaptel! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.2.12 and Zaptel 1.2.9 released!
The Asterisk Development Team is pleased to announce new releases of Asterisk and Zaptel! Asterisk 1.2.12 includes a number of bug fixes, including fixes for two regressions that occurred in the 1.2.11 release. Specifically, the AGI 'GET VARIABLE' command has now gone back to its previous behavior, and CDR records now reflect the CallerID number instead of ANI in the situations that this was the case in earlier 1.2 releases. Zaptel 1.2.9 include a small number of bug fixes, an update to the embedded Octasic API for the VPMOCT echo canceller modules, and reverts to the use of hardware DTMF detection on VPM400M modules (as it was in pre-1.2.8 releases). As always, the release files are available on the Digium FTP servers at http://ftp.digium.com, in both tarball and patch file form. All of the release files have been signed with our GPG keys and the signature files are available in the same directories as the release files. Thanks for using and supporting Asterisk! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk 1.2.9 and 1.0.11 Released -- Security Fix
The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk 1.0.11 to address a security vulnerability in the IAX2 channel driver (chan_iax2). The vulnerability affects all users with IAX2 clients that might be compromised or used by a malicious user, and can lead to denial of service attacks and random Asterisk server crashes via a relatively trivial exploit. All users are urged to upgrade as soon as they can practically do so, or ensure that they don't expose IAX2 services to the public if it is not necessary. The release files are available in the usual place (ftp.digium.com), as both tarballs and patch files relative to the last release. In addition, both the tarballs and the patch files have been signed using GPG keys of the release maintainers, so that you can ensure their authenticity. Thank you for your support of Asterisk! ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk-addons 1.2.3 released
The Asterisk development team has released version 1.2.3 of the Asterisk-addons package. This release contains many fixes for the Objective Systems H.323 channel driver. All users of this module are strongly encouraged to upgrade. This version is available for download from ftp.digium.com as both a complete tarball as well as a patch against the previous version. Thank you for for your support of Asterisk! ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk-addons 1.2.2 released
Version 1.2.2 of Asterisk-Addons has been released. It contains many updates for the Objective Systems Open H.323 channel driver for Asterisk. Users of this channel driver should update to this version. It is available for download on the ftp site: http://ftp.digium.com/pub/asterisk/asterisk-addons-1.2.2.tar.gz Thanks! -- The Asterisk Development Team ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk 1.2.5 Released
Asterisk 1.2.5 is now available for download on the ftp. See the ChangeLog for details about what has changed. ftp://ftp.digium.com/pub/telephony/asterisk/ As mentioned in the release announcement for Zaptel 1.2.4, our releases now contain some extra files. The Asterisk release is available as asterisk-1.2.5.tar.gz. However, there is also a patch against the previous release as an option for a smaller download, asterisk-1.2.5-patch.gz. For both the release tarballs and release patches, we have provided SHA-1 sums and PGP signatures. To verify the releases, you will need the public keys of both [EMAIL PROTECTED] and [EMAIL PROTECTED] Both are available on the keyserver, pgp.mit.edu. Thank you for your continued support of Asterisk! -- The Asterisk Development Team ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] [asterisk-dev] Zaptel 1.2.4 Released!
The Asterisk/Zaptel development team is pleased to announce the release of Zaptel 1.2.4. This release contains a number of bug fixes, along some with new functionality: * The driver for the Xorcom Astribank has been incorporated into this distribution. Xorcom will provide primary support and driver maintenance for customers using this product. * The driver for the Digium Wildcard TDM2400P has been upgraded to support revision B of the VPM100M echo cancellation module. * The special parameters required for the Digium Wildcard TDM400P when used on the Australian PSTN are now automatically set when the opermode is set to 'AUSTRALIA'. The release is available on the Digium FTP servers under the name zaptel-1.2.4.tar.gz, and also as a patch from version 1.2.3 (in file zaptel-1.2.4-patch.gz). In addition, beginning with this release we have included an SHA-1 sum of the files (in files zaptel-1.2.4.tar.gz.sum and zaptel-1.2.4-patch.gz.sum) and GPG signatures (in files zaptel-1.2.4.tar.gz.sign and zaptel-1.2.4-patch.gz.sign) verifying that this is an official Zaptel release. You can retrieve the public keys for [EMAIL PROTECTED] and [EMAIL PROTECTED] from the keyserver, pgp.mit.edu. Thanks for your support of Asterisk and Zaptel! ___ --Bandwidth and Colocation provided by Easynews.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Zaptel 1.2.4 Released!
The Asterisk/Zaptel development team is pleased to announce the release of Zaptel 1.2.4. This release contains a number of bug fixes, along some with new functionality: * The driver for the Xorcom Astribank has been incorporated into this distribution. Xorcom will provide primary support and driver maintenance for customers using this product. * The driver for the Digium Wildcard TDM2400P has been upgraded to support revision B of the VPM100M echo cancellation module. * The special parameters required for the Digium Wildcard TDM400P when used on the Australian PSTN are now automatically set when the opermode is set to 'AUSTRALIA'. The release is available on the Digium FTP servers under the name zaptel-1.2.4.tar.gz, and also as a patch from version 1.2.3 (in file zaptel-1.2.4-patch.gz). In addition, beginning with this release we have included an SHA-1 sum of the files (in files zaptel-1.2.4.tar.gz.sum and zaptel-1.2.4-patch.gz.sum) and GPG signatures (in files zaptel-1.2.4.tar.gz.sign and zaptel-1.2.4-patch.gz.sign) verifying that this is an official Zaptel release. You can retrieve the public keys for [EMAIL PROTECTED] and [EMAIL PROTECTED] from the keyserver, pgp.mit.edu. Thanks for your support of Asterisk and Zaptel! ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] Asterisk 1.2.4 and Zaptel 1.2.3
Asterisk 1.2.4 and Zaptel 1.2.3 have been released! This update of Asterisk includes a fix for a significant memory leak in the expression parser that is present in all previous releases of Asterisk 1.2. This version of Zaptel includes support for the new generation of VPM100M echo cancellation modules from Digium. For further information about all changes that have been made, consult the appropriate ChangeLog in the tarball or on the ftp site. Thank you! -- The Asterisk Development Team ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users