Posts Tagged 1.4
Asterisk 1.4.43, 1.6.2.21, and 1.8.7.2 Now Available (Security Release)
Posted by admin in asterisk, Asterisk Security Releases, Security Advisories on December 8, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced security releases for Asterisk 1.4, 1.6.2 and 1.8. The available security releases are released as versions 1.4.43, 1.6.2.21 and 1.8.7.2.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue with possible remote enumeration of SIP endpoints with differing NAT settings.
The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash possibility with SIP when the “automon” feature is enabled.
The issues and resolutions are described in the AST-2011-013 and AST-2011-014 security advisories.
For more information about the details of these vulnerabilities, please read the security advisories AST-2011-013 and AST-2011-014, which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-013 is available at:
Security advisory AST-2011-014 is available at:
Thank you for your continued support of Asterisk!
Asterisk 1.4.42 Now Available (Final Maintenance Release)
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the final maintenance release of Asterisk, version 1.4.42. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
Please note that Asterisk 1.4.42 is the final maintenance release from the 1.4 branch. Support for security related issues will continue until April 21, 2012. For more information about support of the various Asterisk branches, see https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.4.42 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Resolve regression with ring groups in the Dial() application
(Closes issue ASTERISK-17874. Reported by mspuhler. Patched by elguero) - Resolve deadlock when using tab completion on the ‘meetme kick’ CLI command when an invalid (non-existent) conference room is specified.
(Closes issue ASTERISK-17771. Reported, patched by zvision) - Resolve issue where voice frames could be dropped when checking for T.38 during early media.
(Closes issue ASTERISK-17705. Reported, patched by oej) - Resolve issue where DYNAMIC_FEATURES would not activate after a recent DTMF fix.
(Closes issue ASTERISK-17914. Reported by vrban. Patched by twilson)
Additionally security announcements AST-2011-010, and AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.41-rc1 Now Available
Posted by admin in asterisk, Release Candidates on February 28, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the first release candidate of Asterisk 1.4.41. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.41-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Only offer codecs both sides support for directmedia.
(Closes issue #17403. Reported, patched by one47) - Resolution of several DTMF based attended transfer issues.
(Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchuan, grecco. Patched by rmudgett)
NOTE: Be sure to read the ChangeLog for more information about these changes. - Fix channel redirect out of MeetMe() and other issues with channel softhangup
(Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb. Patched by russellb) - Fix voicemail sequencing for file based storage.
(Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by jpeeler) - Guard against retransmitting BYEs indefinitely during attended transfers with chan_sip.
(Review: https://reviewboard.asterisk.org/r/1077/)
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.40 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.4.40. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.40 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Correct issue where res_config_odbc could populate fields with invalid data.
(Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev, jthurman, elguero, zerohalo. Patched by tilghman) - Resolve issue where re-transmissions of SUBSCRIBE could break presence.
(Closes issue #18075. Reported by mdu113. Patched by twilson) - Resolve issue in res_odbc where it may crash when a query fails.
(Closes issue #18243. Reported, patched by ks3) - Fix CPU spike when pressing DTMF after agent login.
(Closes issue #18130. Reported by rgj. Patched by jpeeler) - Fix cross-compiling issue.
(Closes issue #18301. Reported, patched by abelbeck) - This version of Asterisk includes the new Compiler Flags option BETTER_BACKTRACES which uses libbfd to search for better symbol information within both the Asterisk binary, as well as loaded modules, to assist when using inline backtraces to track down problems.
(Patched by tilghman) - Resolve several issues with DTMF based attended transfers.
(Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchaun, grecco. Patched by rmudgett).
NOTE: Be sure to read the ChangeLog for more information about these changes. - Fix regression that changed behavior of queues when ringing a queue member.
(Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
Additionally, this release has the changes related to security bulletin AST-2011-002 which can be found at http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
For a full list of changes in this release, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.39.2, Asterisk 1.6.1.22, Asterisk 1.6.2.16.2 and Asterisk 1.8.2.4 Now Available
Posted by admin in asterisk, Asterisk Security Releases, Security Advisories, t.38 on February 22, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced security releases for Asterisk branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable. The issue and resolution are described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-002, which was released at the same time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-002 is available at:
Thank you for your continued support of Asterisk!
Asterisk 1.4.40-rc3 Now Available
Posted by admin in asterisk, Release Candidates on February 16, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the third release candidate of Asterisk 1.4.40. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.40-rc3 resolves the following issues in addition to those included in 1.4.40-rc1 and 1.4.40-rc2:
- Fix regression that changed behavior of queues when ringing a queue member.
(Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40-rc3
Thank you for your continued support of Asterisk!
Asterisk 1.4.40-rc2 Now Available
Posted by admin in asterisk, Release Candidates on January 26, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the second release candidate of Asterisk 1.4.40. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.40-rc2 resolves the following issues in addition to those included in 1.4.40-rc1:
- Resolve several issues with DTMF based attended transfers.
(Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchaun, grecco. Patched by rmudgett).
NOTE: Be sure to read the ChangeLog for more information about these changes.
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40-rc2
Thank you for your continued support of Asterisk!
Asterisk 1.4.40-rc1 Now Available
Posted by admin in asterisk, Release Candidates on January 19, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the first release candidate of Asterisk 1.4.40. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.40-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Correct issue where res_config_odbc could populate fields with invalid data.
(Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev, jthurman, elguero, zerohalo. Patched by tilghman) - Resolve issue where re-transmissions of SUBSCRIBE could break presence.
(Closes issue #18075. Reported by mdu113. Patched by twilson) - Resolve issue in res_odbc where it may crash when a query fails.
(Closes issue #18243. Reported, patched by ks3) - Fix CPU spike when pressing DTMF after agent login.
(Closes issue #18130. Reported by rgj. Patched by jpeeler) - Fix cross-compiling issue.
(Closes issue #18301. Reported, patched by abelbeck) - This version of Asterisk includes the new Compiler Flags option BETTER_BACKTRACES which uses libbfd to search for better symbol information within both the Asterisk binary, as well as loaded modules, to assist when using inline backtraces to track down problems.
(Patched by tilghman)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.40-rc1
Thank you for your continued support of Asterisk!
Asterisk Security Releases: AST-2011-001
Posted by admin in asterisk, Asterisk Security Releases on January 18, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced security releases for the following versions of Asterisk:
- 1.4.38.1
- 1.4.39.1
- 1.6.1.21
- 1.6.2.15.1
- 1.6.2.16.1
- 1.8.1.2
- 1.8.2.1
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-001, which was released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
Thank you for your continued support of Asterisk!
Asterisk 1.4.39 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.4.39. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.39 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Resolve issue where channel redirect function (CLI or AMI) hangs up the call instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos) - Fix bugs in saying numbers using the Swedish language syntax
(Closes issue #18355. Reported, patched by oej) - Fix not stopping MOH when transfered local channel queue member is answered.
The problem here is only present when local channels are used with the MOH passthru option as well as no optimization (/nm).
Patched by jpeeler. - Improve handling of REGISTER requests with multiple contact headers. Patched by jpeeler.
- app_followme: Don’t create a Local channel if the target extension does not exist.
(Closes issue #18126. Reported, patched by junky) - Revert code that changed SSRC for DTMF.
(Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686. Tested by cmbaker82) - Resolve issue where REGISTER request with a Call-ID matching an existing transaction is received it was possible that the REGISTER request would overwrite the initreq of the private structure.
(Closes issue #18051. Reported by eeman. Patched, tested by twilson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.39
Thank you for your continued support of Asterisk!
