New Security Releases Announced By The Asterisk Development Team

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following issues:

  • A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP. This vulnerability only affected Asterisk 11.
  • A denial of service exists in Asterisk’s HTTP server. AST-2012-014, fixed in January of this year, contained a fix for Asterisk’s HTTP server for a remotely-triggered crash. While the fix prevented the crash from being triggered, a denial of service vector still exists with that solution if an attacker sends one or more HTTP POST requests with very large Content-Length values. This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11.
  • A potential username disclosure exists in the SIP channel driver. When authenticating a SIP request with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways. This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

Thank you for your continued support of Asterisk!
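A check an administrator could run over an inventory of installed versions, using the fixed release numbers from the announcement above. This is an added example, not code from the Asterisk project; the function names and the sample inventory are constructed, and version strings are assumed to follow the plain forms used in the announcement (release-candidate or beta suffixes are rejected rather than guessed at).

```python
import re

# Fixed releases named in the announcement, keyed by release branch.
FIXED = {
    "certified-1.8.15": "1.8.15-cert2",
    "1.8": "1.8.20.2",
    "10": "10.12.2",   # 10.12.2-digiumphones carries the same numbers
    "11": "11.2.2",
}

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-cert(\d+))?(?:-digiumphones)?$")

def parse(version):
    """Split '1.8.15-cert2' into ((1, 8, 15), 2); cert is None if absent."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    cert = int(m.group(2)) if m.group(2) else None
    return nums, cert

def branch_of(nums, cert):
    """Map a parsed version onto one of the branches in FIXED, else None."""
    if cert is not None:
        return "certified-" + ".".join(str(n) for n in nums)
    if nums[:2] == (1, 8):
        return "1.8"
    if nums[0] in (10, 11):
        return str(nums[0])
    return None

def status(version):
    """Return 'patched', 'needs-upgrade', or 'not-covered' for one version."""
    nums, cert = parse(version)
    branch = branch_of(nums, cert)
    if branch not in FIXED:
        return "not-covered"   # the announcement says nothing about this branch
    fixed_nums, fixed_cert = parse(FIXED[branch])
    if cert is not None:
        return "patched" if cert >= fixed_cert else "needs-upgrade"
    return "patched" if nums >= fixed_nums else "needs-upgrade"

def audit(inventory):
    """Map each host name to the status of its installed version."""
    return {host: status(ver) for host, ver in inventory.items()}

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {"pbx-a": "1.8.20.1", "pbx-b": "11.2.2", "pbx-c": "1.8.15-cert1",
          "pbx-d": "10.12.1-digiumphones", "pbx-e": "1.6.2.24"}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {result}")
```

A `not-covered` result means only that the announcement does not name that branch, not that the version is safe.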

Installing CentOS For Asterisk

This article will discuss how to install CentOS step by step in order to set up an Asterisk box, what you might want to change in order not to have problems while installing or running Asterisk, and finally some tips that you might find useful.

While installing CentOS is a very straightforward and easy task (and surely there is a plethora of tutorials out there), I decided to make my own guide in order to use it as course material when helping friends (special thanks to my friend Floriana, for encouraging me to do this and other tutorials that I’ll be creating) or the community in general in their process of learning Asterisk. I’ll be using VirtualBox in order to install CentOS as a virtual machine and will be assuming an installation from the DVD media (or .iso file).

 

Inserting DVD media or ISO File

First, start the virtual machine and insert the DVD media or choose the .iso file as the installation source. Afterwards you will be asked to choose an option from a menu. Choose the first option: “Install or Upgrade an Existing System”.

Install or Upgrade an Existing Image


(more…)

Single Place For Creating Asterisk Community Accounts

We felt that it would be good to let you know about some minor changes happening with our community services.

For quite some time, we’ve had a consolidated authentication server for most of our community services. This means that you use the same username and password for issues.asterisk.org, wiki.asterisk.org and code.asterisk.org. ReviewBoard (reviewboard.asterisk.org) still uses its own internal authentication, but we plan to migrate it some day.

To make this more obvious, and to streamline account creation, we now have a single place for creating asterisk.org community accounts:

signup.asterisk.org.

Existing accounts will be unaffected; we’ve only changed how you sign up for a new account. If you have any issues with the new signup service, please contact us at asteriskteam@digium.com.

Thank you for your support!

– Digium’s Asterisk Development Team

T38 Fax Detection Using g729

Using T.38 termination with the Eutelia provider could present a scenario where you are not able to receive faxes while using g729, even though you are able to receive them while using alaw.

It might be the case that the remote endpoint, Eutelia, would need to detect the fax tones and send the T.38 re-INVITE to you, but they may not have T.38 enabled. If that’s the case, your Asterisk installation will need to detect the fax tones in order to decide that the incoming call is a fax and then switch to the fax extension. For Asterisk to detect the fax tones, you will need to set faxdetect to either yes or cng; you will also need to use the alaw or ulaw codec.

It might be suggested that you configure your incoming calls from Eutelia to go directly to the fax receive function whilst having the g729 codec enabled; I expect you will then see the T.38 re-invite come from Asterisk. (more…)

Asterisk and OpenVPN + SIP configuration

These are the instructions to configure OpenVPN + SIP, based on a brainstorming discussion on the Asterisk Users Mailing List.

The server is running on a uClinux appliance, with /dev/net/tun, and OpenVPN is 2.0.9. The clients will be Windows hosts connecting through Ethernet in hotels or public wifi hotspots.

1. Install OpenVPN on the Asterisk server. On the appliance, there’s only a single binary, /bin/openvpn, and configuration files are in /etc/openvpn/.

To be positive SIP/RTP packets go through the OpenVPN tunnel, make sure the firewall in front of the OpenVPN/Asterisk server only has the OpenVPN port open (default: UDP 1194).

2. On the client, download OpenVPN for Windows from http://www.openvpn.net and install it; it includes Service + GUI.

3. If using an appliance with just the openvpn binary, use a workstation to install the OpenVPN package and create certificates + keys: apt-get install openvpn (more…)