Asterisk: Manager User Dialplan Permission Escalation

Report
Question

There was an  Asterisk Manager User Dialplan Permission Escalation vulnerability reported by Matt Jordan about Asterisk PBX. This permission escalation bug which made it possible to compromise remote authenticated sessions was considered as a minor severity vulnerability. Protocols such as the Asterisk Manager Interface, which offer external control, are often able to set and get channel variables which allows the execution of dialplan functions. We all know of the power of dialplan functions inside Asterisk. Is that power which allows us to build a plethora of Asterisk based applications. When some functions that are allowed to do more (e.g. execute commands, change…

Asterisk Announces 1.7 years ago 0 Answers

Asterisk VoIP Software 12.0.0-beta2 Now Available!

Report
Question

The Asterisk Development Team is pleased to announce the second beta release of Asterisk 12.0.0. You can immediately download this release at http://downloads.asterisk.org/pub/telephony/asterisk/releases We strongly encourage all interested Asterisk users to participate throughout the testing process. For any issues you might find, please use the issue tracker to report it: https://issues.asterisk.org/jira. We would like you to come to the #asterisk-bugs channel in order to help communicating issues you found. Also, it is also very useful to see successful test reports. You can use the asterisk-dev mailing list for that (http://lists.digium.com). The next major release in the series of our favorite VoIP software will be Asterisk 12,…

Asterisk Announces 1.8 years ago 0 Answers

Asterisk 11.5.0 Now Available

Report
Question

The Asterisk Development Team has announced the release of Asterisk 11.5.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.5.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0 Thank you for your continued support of Asterisk!

Asterisk Announces 2.2 years ago 0 Answers

DAHDI-Linux And DAHDI-Tools 2.7.0 Now Available

Report
Question

The Asterisk Development Team has announced the releases of: DAHDI-Linux-v2.7.0 DAHDI-Tools-v2.7.0 dahdi-linux-complete-2.7.0+2.7.0 This release is available for immediate download at: http://downloads.asterisk.org/pub/telephony/dahdi-linux http://downloads.asterisk.org/pub/telephony/dahdi-tools http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete In this release: * Driving closer towards sysfs configuration of dahdi devices * Experimental support to "pin" [1] specific span and channel numbers to specific device/local spans * New wcte13xp base driver [1] http://git.asterisk.org/gitweb/?p=dahdi/tools.git;a=commit;h=3d1fd71af2221b3f3e21274ba800619feec439e1 For a full list of changes in these releases, please see the shortlog at: http://git.asterisk.org/gitweb/?p=dahdi/linux.git;a=shortlog;h=refs/tags/v2.7.0-rc1 http://git.asterisk.org/gitweb/?p=dahdi/tools.git;a=shortlog;h=refs/tags/v2.7.0-rc1 Issues found in this release can be reported in the DAHDI-Linux [1] and DAHDI-Tools [2] projects at https://issues.asterisk.org/jira [1]

Asterisk Announces 2.3 years ago 0 Answers

Changes To The Community Service Maintenance Notifications

Report
Question

You may have noticed (or maybe not) that there have been several maintenance notifications for the asterisk.org community services this month. We are working hard to keep up the services running smoothly, and those notices are sent whenever we think our maintenance may interfere with the operation of any of the services. So far, it's been our policy that we send out a maintenance notification whenever we do anything other than the most minor maintenance on the services. You can usually read "may have intermittent availability" as "it should be available unless things go horribly wrong". We now realize that most of these notifications are just spam for…

Asterisk Announces 2.3 years ago 0 Answers

Asterisk 11.4.0 Now Available

Report
Question

The Asterisk Development Team has announced the release of Asterisk 11.4.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.4.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0 Thank you for your continued support of Asterisk!

Asterisk Announces 2.3 years ago 0 Answers

New Security Releases Announced By The Asterisk Development Team

Report
Question

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolve the following issues:

  • A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP. This vulnerability only affected Asterisk 11. * A denial o f service exists in Asterisk's HTTP server. AST-2012-014, fixed in January…

    Asterisk Announces 2.5 years ago 0 Answers

Single Place For Creating Asterisk Community Accounts

Report
Question

We felt that it would be good to let you know about some minor changes happening with our community services. For quite some time, we've had a consolidated authentication server for most of our community services. This means that you use the same username and password for issues.asterisk.org, wiki.asterisk.org and code.asterisk.org. ReviewBoard (reviewboard.asterisk.org) still uses its own internal authentecation, but we plan to migrate it some day. To make this more obvious, and to streamline account creation, we now have a single place for creating asterisk.org community accounts: signup.asterisk.org. Existing accounts will be unaffected; we've only changed how you sign up for a new account. If you have…

Asterisk Announces 2.5 years ago 0 Answers

New Releases for Asterisk Are Now Available

Report
Question

Recently The Asterisk Development Team announced the release of Asterisk versions 11.0.2, 10.10.1 and 1.8.18.1 and made them available for immediate download at:

All of the releases resolves one or more issues reported by the community, without whose participation it wouldn't have been possible. The following is the issue resolved in this release:
  •  chan_local: Fix local_pvt ref leak in local_devicestate(). (Closes issue ASTERISK-20769. Reported by rmudgett)
Please read the change logs for a full list of changes. Thank you for your continued support of Asterisk!

Asterisk Announces 2.8 years ago 0 Answers

Scheduled Maintenance for Asterisk Project community services

Report
Question

On Friday, November 30th, 2012, the Asterisk community services listed below will be undergoing maintenance (migration to a new server and software upgrades). The services will be shut down at approximately 10:30 AM CST (4:30 PM December 1st UTC), and should return no later than 11:30 AM CST. Please keep in mind that it may take longer for our DNS updatesto propagate throughout the Internet. We apologize in advance for any inconvenience this may cause.
The affected services are:
Asterisk Announces 2.8 years ago 0 Answers