Posts Tagged rtp
Asterisk 1.6.2.8 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.6.2.8. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.2.8 resolves several issues reported by the community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
- Enable auto complete for CLI command ‘logger set level’.
(Closes issue #17152. Reported, patched by pabelanger) - Make the mixmonitor thread process audio frames faster.
(Closes issue #17078. Reported, tested by geoff2010. Patched by dhubbard) - Add missing ‘useragent’ field to sip-friends.sql file.
(Closes issue #17171. Reported, patched by thehar) - Add example dialplan for dialing ISN numbers (http://www.freenum.org)
(Closes issue #17058. Reported, patched by pprindeville) - Fix issue with double “sip:” in header field.
(Closes issue #15847. Reported, patched by ebroad) - Add ability to generate ASCII documentation from the TeX files by running ‘make asterisk.txt’.
(Closes issue #17220. Reported by lmadsen. Tested, patched by pabelanger) - When StopMonitor() is called, ensure that it will not be restarted by a channel event.
- Small error in the T.140 RTP port verbose log.
(Closes issue #16998. Reported, patched by frawd. Tested by russell)
(Closes issue #16590. Reported, patched by kkm)
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.8
Thank you for your continued support of Asterisk!
Asterisk Security Advisory – AST-2009-004
Posted by admin in Asterisk Security Advisories, Security Advisories, asterisk on August 3, 2009
Asterisk The Open Source PBX & Telephony Platform
Asterisk Project Security Advisory – AST-2009-004
An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.
Users should upgrade to a version listed in the “Corrected In” section below.
Product | Asterisk |
Summary | Remote Crash Vulnerability in RTP stack |
Nature of Advisory | Exploitable Crash |
Susceptibility | Remote unauthenticated sessions |
Severity | Critical |
Exploits Known | No |
Reported On | July 27, 2009 |
Reported By | Marcus Hunger <hunger AT sipgate DOT de> |
Posted On | August 2, 2009 |
Last Updated On | August 2, 2009 |
Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
CVE Name |
Asterisk 1.6.0.11-rc2, 1.6.1.2, 1.6.1.3-rc1, and 1.6.2.0-beta4 Release Announcement
Posted by admin in Asterisk Security Advisories, Release Candidates, Releases, Security Advisories, asterisk, t.38 on August 3, 2009
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team is pleased to announce the the second release candidate of 1.6.0.11, the release of 1.6.1.2, the first release candidate of 1.6.1.3, and the fourth beta of 1.6.2.0. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/.
The release of 1.6.1.2 fixes a remote crash security vulnerability in the RTP stack. The related security advisory AST-2009-004 has been released along with this announcement. Please read that advisory for more information.
The release candidates and betas, in addition to other fixes, contain a major re-work of the T.38 support in Asterisk. If you’ve been having trouble with T.38 in the 1.6 series, you are strongly encouraged to try one of these release candidates to determine if these changes fixed your T.38 issues.
