Asterisk News

Asterisk 1.8.15-cert3, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, 11.2-cert2, and 11.5.1 Now Available (Security Release)

Aug 27, 2013

 

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, and 11.5.1.
 
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

 
The release of these versions resolves the following issues:
  • A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.
  • A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
 
These issues and their resolutions are described in the security advisories.
 
For more information about the details of these vulnerabilities, please read security advisories AST-2013-004 and AST-2013-005, which were released at the same time as this announcement.
 
For a full list of changes in the current releases, please see the ChangeLogs:
The security advisories are available at:
Thank you for your continued support of Asterisk!

 


Asterisk 11.5.0 Now Available

Jul 15, 2013

The Asterisk Development Team has announced the release of Asterisk 11.5.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.5.0 resolves several issues reported by the community and would not have been possible without your participation. Thank you!

The following are the issues resolved in this release:

  • [ASTERISK-17386] - [patch] res_config_ldap with malloc_debug produces munmap_chunk(): invalid pointer:
  • [ASTERISK-17436] - random deadlocks - SIP messages not being processed
  • [ASTERISK-17458] - Deadlocks when using pthread timer
  • [ASTERISK-17467] - external moh is blocked when using dahdi timer
  • [ASTERISK-18207] - externnotify script called with (null) context parameter during pollmessages run, essentially stopping it from running.
  • [ASTERISK-19431] - Asterisk Russian language support missing voicemail prompts
  • [ASTERISK-19754] - Deadlock in chan_sip / pthread_timing
  • [ASTERISK-19883] - [patch] - RTP packet with Timestamp=0 on Multicast paging
  • [ASTERISK-20225] - Segmentation Fault on manager_play_dtmf sip_senddigit_end
  • [ASTERISK-20577] - Asterisk deadlocks waiting for timer in res_timing_pthread while running AGI script
  • [ASTERISK-21061] - Nortel I2004 unwanted autoanswer
  • [ASTERISK-21069] - xmpp distributed device states aggregation update fails
  • [ASTERISK-21120] - Unable to properly hang up calls when second line rings
  • [ASTERISK-21125] - Asterisk 11 needs libuuid in configure script due to pjproject
  • [ASTERISK-21151] - 'Squelching' early media in DAHDI (sig_pri)
  • [ASTERISK-21164] - Need clarification on distributed device state behavior and whether this behavior is a possible regression
  • [ASTERISK-21246] - [patch] use of rtpkeepalive uses CN packet with marker bit set, plus a ULAW payload instead of CN
  • [ASTERISK-21302] - [patch] app_voicemail crashes on config error and there are some potential memory leaks
  • [ASTERISK-21329] - chan_alsa: patch for crash when audio device in unexpected state
  • [ASTERISK-21356] - Segfault during bridge channel proxy inspection in a masquerade caused by an AMI Redirect of two channels
  • [ASTERISK-21374] - [patch] One-way Audio With auto_* NAT Settings When SIP Calls Initiated By PBX
  • [ASTERISK-21389] - res_timing_pthread fails to return from write, causing timer dependent operations to block indefinitely
  • [ASTERISK-21394] - [patch] - Fundamental changes to CDR within single asterisk family (1.8) during externally initiated blind transfers with an h extension present
  • [ASTERISK-21397] - [patch] manager crash on unloading app_queue
  • [ASTERISK-21401] - [patch] codec_resample cannot be unloaded
  • [ASTERISK-21407] - [patch] features_shutdown doesn't finish cleanup
  • [ASTERISK-21409] - [patch] - Race condition with IAX2 transfer, 2 releases happen on same call legs. locks up with many threads blocked by iax2_destroy_helper
  • [ASTERISK-21412] - [patch] config.c/config_text_file_load() leaks globbuf
  • [ASTERISK-21429] - Distributed Device State using JABBER/XMPP not working since Security Advisory AST-2012-015
  • [ASTERISK-21430] - [patch] Call ID missing when logging through syslog
  • [ASTERISK-21466] - [patch] [crash] command (sip show peers) crashes Asterisk with ~3500 registered peers
  • [ASTERISK-21522] - [patch] DTMF end is not always processed, causes one-way audio
  • [ASTERISK-21664] - Asterisk terminates calls if Session-Expires isn't present on INVITE
  • [ASTERISK-21677] - NOTIFYs for BLF start queuing up and fail to be sent out
  • [ASTERISK-21716] - [patch] logger thread sometimes exits with messages still queued
  • [ASTERISK-21719] - [patch] res_srtp doesn't cleanup srtp library
  • [ASTERISK-21723] - [patch] pbx cleanup is incomplete
  • [ASTERISK-21724] - [patch] __ast_rwlock_destroy can segfault with DEBUG_THREADS
  • [ASTERISK-21738] - [patch] Segfault On Realtime Queue Members Processing
  • [ASTERISK-21742] - SIP Session-Expires: Set timer to correctly expire at (~2/3) of the expiry interval when not the refresher.
  • [ASTERISK-21744] - [patch] - fix lower bound check with -ve integer conversion from a float
  • [ASTERISK-21779] - Manager closes connection when a SendText action is requested during hangup
  • [ASTERISK-21782] - Delayed audio to agent when answering a queue call
  • [ASTERISK-21785] - __ao2_ref_debug() logs to /tmp/refs when REF_DEBUG is not defined
  • [ASTERISK-21787] - No IAX2 communication either user/peer or friend accounts
  • [ASTERISK-21793] - Segmentation fault when dealing with Agent channels
  • [ASTERISK-21799] - [patch] Dropouts/distortion in MixMonitor recording when recording RTP with ptime of 60ms
  • [ASTERISK-21800] - ooh323 channels stuck if no gatekeeper or ooh323 reload

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0

Thank you for your continued support of Asterisk!


Asterisk 1.8.23.0 Now Available

Jul 15, 2013

The Asterisk Development Team has announced the release of Asterisk 1.8.23.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.23.0 resolves several issues reported by the community and would not have been possible without your participation. Thank you!

The following are the issues resolved in this release:

  • [ASTERISK-17386] - [patch] res_config_ldap with malloc_debug produces munmap_chunk(): invalid pointer:
  • [ASTERISK-17436] - random deadlocks - SIP messages not being processed
  • [ASTERISK-17458] - Deadlocks when using pthread timer
  • [ASTERISK-17467] - external moh is blocked when using dahdi timer
  • [ASTERISK-18207] - externnotify script called with (null) context parameter during pollmessages run, essentially stopping it from running.
  • [ASTERISK-19431] - Asterisk Russian language support missing voicemail prompts
  • [ASTERISK-19754] - Deadlock in chan_sip / pthread_timing
  • [ASTERISK-19883] - [patch] - RTP packet with Timestamp=0 on Multicast paging
  • [ASTERISK-20225] - Segmentation Fault on manager_play_dtmf sip_senddigit_end
  • [ASTERISK-20577] - Asterisk deadlocks waiting for timer in res_timing_pthread while running AGI script
  • [ASTERISK-21069] - xmpp distributed device states aggregation update fails
  • [ASTERISK-21151] - 'Squelching' early media in DAHDI (sig_pri)
  • [ASTERISK-21164] - Need clarification on distributed device state behavior and whether this behavior is a possible regression
  • [ASTERISK-21225] - [patch] Setting nat=force_rport in [general] sip.conf will never work
  • [ASTERISK-21243] - [patch] Backport Appropriate NAT Setting Cleanups To 1.8
  • [ASTERISK-21246] - [patch] use of rtpkeepalive uses CN packet with marker bit set, plus a ULAW payload instead of CN
  • [ASTERISK-21302] - [patch] app_voicemail crashes on config error and there are some potential memory leaks
  • [ASTERISK-21329] - chan_alsa: patch for crash when audio device in unexpected state
  • [ASTERISK-21356] - Segfault during bridge channel proxy inspection in a masquerade caused by an AMI Redirect of two channels
  • [ASTERISK-21389] - res_timing_pthread fails to return from write, causing timer dependent operations to block indefinitely
  • [ASTERISK-21394] - [patch] - Fundamental changes to CDR within single asterisk family (1.8) during externally initiated blind transfers with an h extension present
  • [ASTERISK-21397] - [patch] manager crash on unloading app_queue
  • [ASTERISK-21407] - [patch] features_shutdown doesn't finish cleanup
  • [ASTERISK-21409] - [patch] - Race condition with IAX2 transfer, 2 releases happen on same call legs. locks up with many threads blocked by iax2_destroy_helper
  • [ASTERISK-21412] - [patch] config.c/config_text_file_load() leaks globbuf
  • [ASTERISK-21429] - Distributed Device State using JABBER/XMPP not working since Security Advisory AST-2012-015
  • [ASTERISK-21466] - [patch] [crash] command (sip show peers) crashes Asterisk with ~3500 registered peers
  • [ASTERISK-21522] - [patch] DTMF end is not always processed, causes one-way audio
  • [ASTERISK-21664] - Asterisk terminates calls if Session-Expires isn't present on INVITE
  • [ASTERISK-21677] - NOTIFYs for BLF start queuing up and fail to be sent out
  • [ASTERISK-21716] - [patch] logger thread sometimes exits with messages still queued
  • [ASTERISK-21719] - [patch] res_srtp doesn't cleanup srtp library
  • [ASTERISK-21723] - [patch] pbx cleanup is incomplete
  • [ASTERISK-21724] - [patch] __ast_rwlock_destroy can segfault with DEBUG_THREADS
  • [ASTERISK-21742] - SIP Session-Expires: Set timer to correctly expire at (~2/3) of the expiry interval when not the refresher.
  • [ASTERISK-21744] - [patch] - fix lower bound check with -ve integer conversion from a float
  • [ASTERISK-21779] - Manager closes connection when a SendText action is requested during hangup
  • [ASTERISK-21782] - Delayed audio to agent when answering a queue call
  • [ASTERISK-21787] - No IAX2 communication either user/peer or friend accounts
  • [ASTERISK-21793] - Segmentation fault when dealing with Agent channels
  • [ASTERISK-21799] - [patch] Dropouts/distortion in MixMonitor recording when recording RTP with ptime of 60ms
  • [ASTERISK-21800] - ooh323 channels stuck if no gatekeeper or ooh323 reload

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0

Thank you for your continued support of Asterisk!

 
 
 
 
                

Asterisk 11.5.0-rc1 Now Available

Jun 10, 2013

 

The Asterisk Development Team has announced the first release candidate of Asterisk 11.5.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk
 
The release of Asterisk 11.5.0-rc1 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
 
The following is a sample of the issues resolved in this release candidate:
  • Fix a memory copying bug in slinfactory which was causing mixmonitor issues.
    (Closes issue ASTERISK-21799. Reported by Michael Walton)
  • app_voicemail: Add blank argument to externnotify if no context argument
    (Closes issue ASTERISK-18207. Reported by Barry L. Kline)
  • Fix CDR not being created during an externally initiated blind transfer
    (Closes issue ASTERISK-21394. Reported by Ishfaq Malik)
  • Fix One-Way Audio With auto_* NAT Settings When SIP Calls Initiated By PBX
    (Closes issue ASTERISK-21374. Reported by Michael L. Young)
  • Fix crash when AMI redirect action redirects two channels out of a bridge.
    (Closes issue ASTERISK-21356. Reported by William luke)
For a full list of changes in this release candidate, please see the ChangeLog:
 
 
Thank you for your continued support of Asterisk!
 

Asterisk 1.8.23.0-rc1 Now Available

Jun 10, 2013

 

The Asterisk Development Team has announced the first release candidate of Asterisk 1.8.23.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk
 
The release of Asterisk 1.8.23.0-rc1 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
 
The following is a sample of the issues resolved in this release candidate:
  • Fix a memory copying bug in slinfactory which was causing mixmonitor issues.
    (Closes issue ASTERISK-21799. Reported by Michael Walton)
  • app_voicemail: Add blank argument to externnotify if no context argument
    (Closes issue ASTERISK-18207. Reported by Barry L. Kline)
  • Fix CDR not being created during an externally initiated blind transfer
    (Closes issue ASTERISK-21394. Reported by Ishfaq Malik)
  • Fix segfault when dealing with chan_agent channels.
    (Closes issue ASTERISK-21793. Reported by Rodrigo P. Telles)
  • Fix For Not Overriding The Default Settings In chan_sip
    (Closes issue ASTERISK-21225. Reported by Alexandre Vezina)
For a full list of changes in this release candidate, please see the ChangeLog:
 
 
Thank you for your continued support of Asterisk!
