Archive for category t.38
Asterisk Security Advisory – AST-2010-001: T.38 Remote Crash Vulnerability
Posted by admin in Asterisk Security Advisories, Security Advisories, asterisk, sip, t.38 on February 2, 2010
Asterisk The Open Source PBX & Telephony Platform
Asterisk Project Security Advisory - AST-2010-001
| Product | Asterisk |
| Summary | T.38 Remote Crash Vulnerability |
| Nature of Advisory | Denial of Service |
| Susceptibility | Remote unauthenticated sessions |
| Severity | Critical |
| Exploits Known | No |
| Reported On | 12/03/09 |
| Reported By | issues.asterisk.org users bklang and elsto |
| Posted On | 02/03/10 |
| Last Updated On | February 2, 2010 |
| Advisory Contact | David Vossel < dvossel AT digium DOT com > |
| CVE Name | CVE-2010-0441 |
Asterisk 1.6.0.22, Asterisk 1.6.1.14, Asterisk 1.6.2.2 Released
Posted by admin in Asterisk Security Advisories, Releases, Security Advisories, asterisk, sip, t.38 on February 2, 2010
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced security releases for Asterisk as the following versions:
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash will occur when the FaxMaxDatagram field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please read the security advisory AST-2010-001, which was released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.22
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2
Security advisory AST-2010-001 is available at:
http://asterisk.net.ru/en/2010/02/03/asterisk-security-advisory-ast-2010-001-t-38-remote-crash-vulnerability/
Thank you for your continued support of Asterisk!
Asterisk 1.4.29 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.4.29.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.29 resolved several issues reported by the community, and would have not been possible without your participation. Thank you!
- Fix to Monitor which previously assumed the file to write to did not contain pathing.
(Closes issue #16377, #16376. Reported by bcnit. Patched by dant. - Propertly set T.38 attributes and don’t return before T.38 ports are configured when T.38 is found but no audio stream is found.
(Closes issue #16318. Reported by bird_of_Luck. Tested by vrban, mihaill. Patched by vrban, mnicholson.) - Avoid crashes with large numbers of MeetMe conferences.
(Closes issue #16509. Reported by Kashif Raza. Tested, Patched by seanbright.) - Change in ’sip show channels’ display format allowing more digits for CID.
(Closes issue #16459. Reported, Patched by Rzadzins. - Revise documentation on disposition values to the actual values used.
(Closes issue #16289. Reported by wdoekes.)
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.4.29-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.29
Thank you for your continued support of Asterisk!
Read the rest of this entry »
Fax For Asterisk 1.1.6 Release Announcement
T.38 fax for Asterisk
Digium is pleased to announce the release of version 1.1.6 of its Fax For Asterisk product, a commercial grade FAX add-on module for open source Asterisk.
This release contains a number of significant improvements, including:
- Support for 64-bit Linux installations.
- Reduction in resource consumption, and increase in performance, of T.38 session handling.
- Simplification of session handling during transition from G.711 to T.38 mode.
- Adoption of the latest Asterisk T.38 negotiation API, ensuring interoperability with a wide range of T.38 endpoints.
Version 1.1.6 of Fax For Asterisk is available for immediate download at http://www.digium.com/en/docs/FAX/faa-download.php. Note that because this release uses the very latest T.38 negotiation mechanism in Asterisk, it is not compatible with all released versions of Asterisk. The Fax For Asterisk download selector lists the Asterisk versions supported by this release.
For more information about Fax For Asterisk, please visit the product page.
Thank you for your support!
Read the rest of this entry »
Asterisk 1.6.0.20 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.6.0.20.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.0.20 resolved several issues reported by the community, and would have not been possible without your participation. Thank you!
- clarify requirecalltoken option in iax.sample.conf (closes issue #16223), reported, patched by: bklang
- Prevent double closing of FDs by EIVR (closes issue #16305), reported by: diLLec, patched, tested by: thedavidfactor
- Fix multiple issues with musiconhold, which led to classes not getting destroyed properly. (closes issues #16279, #16207), reported by: parisioa, dcabot, patched by: tilghman, tested by: parisioa, tilghman
- Send ack (response/message) after receiving manager action userevent (closes issue #16264), reported, patched by: dimas
- Make manager response to “Action: events” finish with empty line (closes issue #16275), reported, patched by: vnovy
This release also contains significant improvements to T.38 support. Anyone who has tried T.38 faxing in the past should try again as most problems should now be resolved.
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.0.20-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.20
Thank you for your continued support of Asterisk!
Read the rest of this entry »
Asterisk 1.6.0.14-rc1 and Asterisk 1.6.1.5-rc1 released
Posted by admin in Release Candidates, asterisk, t.38 on August 20, 2009
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced release candidates for Asterisk versions 1.6.0.14 and 1.6.1.5. The release candidates 1.6.0.14-rc1 and 1.6.1.5-rc1 are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
This release fixes several community reported issues, including those related to T.38 (issues #15649, #15610).
For a full list of changes in this release candidate, please see the ChangeLogs:
http://svn.asterisk.org/svn/asterisk/tags/1.6.0.14-rc1/ChangeLog
http://svn.asterisk.org/svn/asterisk/tags/1.6.1.5-rc1/ChangeLog
Issues found in any release candidate can be reported at https://issues.asterisk.org
Thank you for your continued support of Asterisk!
Asterisk 1.6.0.11-rc2, 1.6.1.2, 1.6.1.3-rc1, and 1.6.2.0-beta4 Release Announcement
Posted by admin in Asterisk Security Advisories, Release Candidates, Releases, Security Advisories, asterisk, t.38 on August 3, 2009
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team is pleased to announce the the second release candidate of 1.6.0.11, the release of 1.6.1.2, the first release candidate of 1.6.1.3, and the fourth beta of 1.6.2.0. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/.
The release of 1.6.1.2 fixes a remote crash security vulnerability in the RTP stack. The related security advisory AST-2009-004 has been released along with this announcement. Please read that advisory for more information.
The release candidates and betas, in addition to other fixes, contain a major re-work of the T.38 support in Asterisk. If you’ve been having trouble with T.38 in the 1.6 series, you are strongly encouraged to try one of these release candidates to determine if these changes fixed your T.38 issues.
Fax For Asterisk
T.38 fax for Asterisk
Digium’s Fax For Asterisk is a commercial facsimile (Fax) termination and origination solution designed to enhance the capabilities of Open Source and commercial Asterisk as well as Switchvox. Fax For Asterisk bundles a suite of user-friendly Asterisk applications and a licensed version of the industry’s leading fax modem software from Commetrex. Fax For Asterisk provides low speed (14400bps) PSTN faxing via DAHDI-compatible telephony boards as well as VoIP faxing to T.38-compatible SIP endpoints and service providers. Licensed on a per-channel basis, Digium’s Fax For Asterisk provides a complete, cost-effective, commercial fax solution for Asterisk users.
Fax For Asterisk provides two components: res_fax and res_fax_digium. Res_fax is an Asterisk resource module that adds fax termination and origination functionality in Asterisk. It provides Asterisk dialplan functions and dialplan applications to enable the user to build highly-customizable fax solutions. Res_fax_digium provides core fax processing functionality in the form of several supported fax modems — V.21, V.27ter, V.29, and V.17 — to achieve speeds up to 14400bps.
-
You are currently browsing the archives for the t.38 category.
