Asterisk News

Asterisk Releases

Asterisk 1.8.28-cert3, 1.8.32.1, 11.6-cert8, 11.14.1, 12.7.1, 13.0.1 Now Available (Security Release)

Nov 20, 2014

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The security releases are available as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerabilities:

  • AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families
    Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address family as the first ACL entry, that packet bypasses all ACL rules.
  • AST-2014-018: Permission Escalation through DB dialplan function
    The DB dialplan function, when executed from an external protocol such as AMI, could result in a privilege escalation. Users with a lower class authorization in AMI can access the internal Asterisk database without the required SYSTEM class authorization.

In addition, the release of 11.6-cert8 and 11.14.1 resolves the following security vulnerability:

  • AST-2014-014: High call load with ConfBridge can result in resource exhaustion
    The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Under load it is possible for some state transitions to be delayed, causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely, no further media will arrive and the channel will stay within ConfBridge indefinitely.
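The ACL flaw described in AST-2014-012 above, as an added example that is not Asterisk's code: a simplified model of an ordered permit/deny list with the broken family check beside the corrected one. It assumes "permit=<net>"/"deny=<net>" lines evaluated in order, last match wins, and an unmatched address allowed by default; the rule names and sample addresses are constructed.

```python
# Added example (not Asterisk's code): a simplified model of an ordered
# permit/deny ACL, showing the AST-2014-012 flaw beside its corrected form.
# Assumptions: rules are "permit=<net>" / "deny=<net>" lines, evaluated in
# order with last match winning, and an unmatched address is allowed.
import ipaddress


def parse_acl(lines):
    """Parse ACL lines into (action, network) pairs, preserving order."""
    rules = []
    for line in lines:
        action, sep, net = line.partition("=")
        action = action.strip()
        if not sep or action not in ("permit", "deny"):
            raise ValueError(f"bad ACL line: {line!r}")
        rules.append((action, ipaddress.ip_network(net.strip(), strict=False)))
    return rules


def apply_acl_buggy(rules, src):
    """Models the flaw: the address family is compared only against the
    first rule; a source of the other family skips every rule and is allowed."""
    addr = ipaddress.ip_address(src)
    if not rules or addr.version != rules[0][1].version:
        return "permit"           # whole list bypassed
    verdict = "permit"
    for action, net in rules:
        if addr in net:           # False for a rule of the other family
            verdict = action
    return verdict


def apply_acl_fixed(rules, src):
    """Corrected form: compare the family per rule, skip only the rules that
    cannot apply, and let every matching rule contribute to the verdict."""
    addr = ipaddress.ip_address(src)
    verdict = "permit"
    for action, net in rules:
        if addr.version != net.version:
            continue              # this rule cannot match; keep evaluating
        if addr in net:
            verdict = action
    return verdict


# Constructed sample: a typical "deny everything, then permit the LAN" list.
# The explicit ::/0 deny matters: with default-allow semantics, a list with
# no deny for a family still lets that family through even after the fix.
ACL = parse_acl([
    "deny=0.0.0.0/0",
    "deny=::/0",
    "permit=192.168.1.0/24",
])

if __name__ == "__main__":
    for src in ("192.168.1.10", "203.0.113.7", "2001:db8::1"):
        print(f"{src:>16}  buggy={apply_acl_buggy(ACL, src):6}  "
              f"fixed={apply_acl_fixed(ACL, src)}")
```

The IPv6 source is the one that diverges: the buggy evaluator never reaches the "deny=::/0" rule because the first rule is IPv4, while the corrected evaluator skips only the IPv4 rules and denies it.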

In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves the following security vulnerability:

  • AST-2014-017: Permission Escalation via ConfBridge dialplan function and AMI ConfbridgeStartRecord Action
    The CONFBRIDGE dialplan function when executed from an external protocol (such as AMI) can result in a privilege escalation as certain options within that function can affect the underlying system. Additionally, the AMI ConfbridgeStartRecord action has options that would allow modification of the underlying system, and does not require SYSTEM class authorization in AMI.

Finally, the release of 12.7.1 and 13.0.1 resolves the following security vulnerabilities:

  • AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack
    The Asterisk module res_pjsip provides the ability to configure ACLs that may be used to reject SIP requests from various hosts. However, the module currently fails to create and apply the ACLs defined in its configuration file on initial module load.
  • AST-2014-015: Remote crash vulnerability in PJSIP channel driver
    The chan_pjsip channel driver uses a queue approach for relating to SIP sessions. There exists a race condition where actions may be queued to answer a session or send ringing after a SIP session has been terminated using a CANCEL request. The code will incorrectly assume that the SIP session is still active and attempt to send the SIP response. The PJSIP library does not expect the SIP session to be in the disconnected state when sending the response and asserts.
  • AST-2014-016: Remote crash vulnerability in PJSIP channel driver
    When handling an INVITE with Replaces message the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just hung up channel it will end up using a freed channel which will likely result in a crash.

For more information about the details of these vulnerabilities, please read security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs:

The security advisories are available at:

Thank you for your continued support of Asterisk!


Asterisk 12.7.0 Now Available

Nov 10, 2014

The Asterisk Development Team has announced the release of Asterisk 12.7.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.7.0 resolves several issues reported by the community and would not have been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20567] - bashism in autosupport
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23781] - outgoing missing as enum from contrib/ast-db-manage/config
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24122] - Documentation for res_pjsip option use_avpf needs to be fixed
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24195] - bridge_native_rtp: Removing mixmonitor from a native RTP capable smart bridge doesn't cause the bridge to resume being a native rtp bridge
  • [ASTERISK-24199] - 'ALL' is specified in pjsip.conf.sample for TLS cipher but it is not valid
  • [ASTERISK-24224] - When using Bridge() dialplan application, surrogate channel appears in list and call count is inflated.
  • [ASTERISK-24262] - AMI CoreShowChannel missing several output fields and event documentation
  • [ASTERISK-24295] - crash: creating out of dialog OPTIONS request crashes
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24312] - SIGABRT when improperly configured realtime pjsip
  • [ASTERISK-24321] - SIP deadlock when running automated queues tests
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24326] - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted
  • [ASTERISK-24327] - bridge_native_rtp: Smart bridge operation to softmix sometimes fails to properly re-INVITE remotely bridged participants
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24339] - Swagger API Docs have incorrect basePath
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24350] - PJSIP shows commands prints unneeded headers
  • [ASTERISK-24354] - AMI sendMessage closes AMI connection on error
  • [ASTERISK-24356] - PJSIP: Directed pickup causes deadlock
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24362] - res_hep leaks reference to configuration
  • [ASTERISK-24369] - res_pjsip: Large message on reliable transport can cause empty messages to be passed from the PJSIP stack up, causing crashes in multiple locations
  • [ASTERISK-24370] - res_pjsip/pjsip_options: OPTIONS request sent to Asterisk with no user in request is always 404'd
  • [ASTERISK-24378] - Release AMI connections on shutdown
  • [ASTERISK-24381] - res_pjsip_sdp_rtp: Declined media streams are interpreted, leading to erroneous 488 rejections
  • [ASTERISK-24382] - chan_pjsip: Calling PJSIP_MEDIA_OFFER on a non-PJSIP channel results in an invalid reference of a channel pvt and a FRACK
  • [ASTERISK-24383] - res_rtp_asterisk: Crash if no candidates received for component
  • [ASTERISK-24384] - chan_motif: format capabilities leak on module load error
  • [ASTERISK-24385] - chan_sip: process_sdp leaks on an error path
  • [ASTERISK-24387] - res_pjsip: rport sent from UAS MUST include the port that the UAC sent the request on
  • [ASTERISK-24392] - res_fax: fax gateway sessions leak
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24394] - CDR: FRACK with PJSIP directed pickup.
  • [ASTERISK-24398] - Initialize auth_rejection_permanent on client state to the configuration parameter value
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24411] - [patch] Status of outbound registration is not changed upon unregistering.
  • [ASTERISK-24415] - Missing AMI VarSet events when channels inherit variables.
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24426] - CDR Batch mode: size used as time value after first expire
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24437] - Review implementation of ast_bridge_impart for leaks and document proper usage
  • [ASTERISK-24453] - manager: acl_change_sub leaks
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24462] - res_pjsip: Stale qualify statistics after disablementation
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks
  • [ASTERISK-24487] - configuration: sections should be loadable as template even when not marked

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.7.0

Thank you for your continued support of Asterisk!


Asterisk 11.14.0 Now Available

Nov 10, 2014

The Asterisk Development Team has announced the release of Asterisk 11.14.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.14.0 resolves several issues reported by the community and would not have been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20567] - bashism in autosupport
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24304] - asterisk crashing randomly because of unistim channel
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24326] - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24354] - AMI sendMessage closes AMI connection on error
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24378] - Release AMI connections on shutdown
  • [ASTERISK-24383] - res_rtp_asterisk: Crash if no candidates received for component
  • [ASTERISK-24384] - chan_motif: format capabilities leak on module load error
  • [ASTERISK-24385] - chan_sip: process_sdp leaks on an error path
  • [ASTERISK-24390] - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE
  • [ASTERISK-24392] - res_fax: fax gateway sessions leak
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24430] - missing letter "p" in word response in OriginateResponse event documentation
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24454] - app_queue: ao2_iterator not destroyed, causing leak
  • [ASTERISK-24457] - res_fax: fax gateway frames leak
  • [ASTERISK-24466] - app_queue: fix a couple leaks to struct call_queue
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0

Thank you for your continued support of Asterisk!


Asterisk 1.8.32.0 Now Available

Nov 10, 2014

The Asterisk Development Team has announced the release of Asterisk 1.8.32.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.32.0 resolves several issues reported by the community and would not have been possible without your participation.

Thank you!

The following are the issues resolved in this release:

Bug

  • [ASTERISK-13797] - [patch] relax badshell tilde test
  • [ASTERISK-15879] - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-18923] - res_fax_spandsp usage counter is wrong
  • [ASTERISK-20784] - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak
  • [ASTERISK-21721] - SIP Failed to parse multiple Supported: headers
  • [ASTERISK-22791] - asterisk sends Re-INVITE after receiving a BYE
  • [ASTERISK-22945] - [patch] Memory leaks in chan_sip.c with realtime peers
  • [ASTERISK-23768] - [patch] Asterisk man page contains a (new) unquoted minus sign
  • [ASTERISK-23846] - Unistim multilines. Loss of voice after second call drops (on a second line).
  • [ASTERISK-24011] - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM
  • [ASTERISK-24063] - [patch]Asterisk does not respect outbound proxy when sending qualify requests
  • [ASTERISK-24190] - IMAP voicemail causes segfault
  • [ASTERISK-24307] - Unintentional memory retention in stringfields
  • [ASTERISK-24325] - res_calendar_ews: cannot be used with neon 0.30
  • [ASTERISK-24335] - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls
  • [ASTERISK-24348] - Built-in editline tab complete segfault with MALLOC_DEBUG
  • [ASTERISK-24357] - [fax] Out of bounds error in update_modem_bits
  • [ASTERISK-24390] - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE
  • [ASTERISK-24393] - rtptimeout=0 doesn't disable rtptimeout
  • [ASTERISK-24406] - Some caller ID strings are parsed differently since 11.13.0
  • [ASTERISK-24425] - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566)
  • [ASTERISK-24432] - Install refcounter.py when REF_DEBUG is enabled
  • [ASTERISK-24436] - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0
  • [ASTERISK-24476] - main/app.c / app_voicemail: ast_writestream leaks

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0

Thank you for your continued support of Asterisk!



Asterisk 12.7.0-rc2 Now Available

Nov 7, 2014

The Asterisk Development Team has announced the second release candidate of Asterisk 12.7.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.7.0-rc2 resolves an issue reported by the community and would not have been possible without your participation.

Thank you!

The following is the issue resolved in this release candidate:

  • Fix unintentional memory retention in stringfields.
    (Closes issue ASTERISK-24307. Reported by Etienne Lessard)

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.7.0-rc2

Thank you for your continued support of Asterisk!

