* You are viewing the archive for the ‘Asterisk Users’ Category

Asterisk 13.0.0-beta2 Now Available!

The Asterisk Development Team is pleased to announce the second beta release of Asterisk 13.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

All interested users of Asterisk are encouraged to participate in the Asterisk 13 testing process. Please report any issues found to the issue tracker, https://issues.asterisk.org/jira. All Asterisk users are invited to participate in the #asterisk-bugs channel to help communicate issues found to the Asterisk developers. It is also very useful to see successful test reports. Please post those to the asterisk-dev mailing list (http://lists.digium.com).

Asterisk 13 is the next major release series of Asterisk. It will be a Long Term Support (LTS) release, similar to Asterisk 11. For more information about support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

For important information regarding upgrading to Asterisk 13, please see the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13

A short list of new features includes:

* Asterisk security events are now provided via AMI, allowing end users to
monitor their Asterisk system in real time for security related issues.

* Both AMI and ARI now allow external systems to control the state of a mailbox.
Using AMI actions or ARI resources, external systems can programmatically
trigger Message Waiting Indicators (MWI) on subscribed phones. This is of
particular use to those who want to build their own VoiceMail application
using ARI.

* ARI now supports the reception/transmission of out of call text messages using
any supported channel driver/protocol stack through ARI. Users receive out of
call text messages as JSON events over the ARI websocket connection, and can
send out of call text messages using HTTP requests.

* The PJSIP stack now supports RFC 4662 Resource Lists, allowing Asterisk to act
as a Resource List Server. This includes defining lists of presence state,
mailbox state, or lists of presence state/mailbox state; managing
subscriptions to lists; and batched delivery of NOTIFY requests to
subscribers.

* The PJSIP stack can now be used as a means of distributing device state or
mailbox state via PUBLISH requests to other Asterisk instances. This is
analogous to Asterisk’s clustering support using XMPP or Corosync; unlike
existing clustering mechanisms, using the PJSIP stack to perform the
distribution of state does not rely on another daemon or server to perform the
work.

And much more!

More information about the new features can be found on the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation

A full list of all new features can also be found in the CHANGES file:

http://svnview.digium.com/svn/asterisk/branches/13/CHANGES

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0-beta2

Thank you for your continued support of Asterisk!

Show Log(NOTICE) Messages On The Console

Hi,

I have asterisk running as daemon. I connect to my running asterisk servers with:

sudo asterisk -r

In one asterisk instance (11.2.1) I see Log(NOTICE) messages, which is what I want.

In another instance (11.7.0~dfsg-1ubuntu1) I do not see the Log(NOTICE)
messages. To see them I must make the cli very verbose (sudo asterisk
-rvvvv or more), which is **not** what I want (I really only want to see NOTICEs comming from asterisk or from my dialplan)

I have also played with the -d flag (like sudo asterisk -rddvv), but still no luck: either I see too much, or I do not see NOTICEs.

How can I consistently enable the display of Log messages above NOTICE
(including) with *any* version of asterisk? I *only* want to see Log messages (for example, I do not want to see the steps executed from the dialplan, which make the console overwhelmed with messages and impossible to follow)

Thanks and regards, Daniel Gonzalez

Record Call Ends In 10min

In my context I have:

exten => _NXXXXXX,1,Set(CHANNEL(musicclass)

Conversation Record Prematurely

I have following line in a context:

… exten => _587NXXXXXX,n,Set(recordfilename=${CALLERID(num)}-${EXTEN}-${STRFTIME(${EPOCH},MST,%C%y-%m-%d-%H%M)}.wav)
exten => _587NXXXXXX,n,MixMonitor(${recordfilename},b)


It records the conversation but it ends prematurely, after 10min. Why?
Where is the setting to records until a user hangup the handset.

AST-2014-010: Remote Crash When Handling Out Of Call Message In Certain Dialplan Configurations

Asterisk Project Security Advisory – AST-2014-010

Product Asterisk
Summary Remote crash when handling out of call message in
certain dialplan configurations
Nature of Advisory Remotely triggered crash of Asterisk
Susceptibility Remote authenticated sessions
Severity Minor
Exploits Known No
Reported On 05 September 2014
Reported By Philippe Lindheimer
Posted On 18 September 2014
Last Updated On September 18, 2014
Advisory Contact Matt Jordan
CVE Name Pending

Description When an out of call message – delivered by either the SIP
or PJSIP channel driver or the XMPP stack – is handled in
Asterisk, a crash can occur if the channel servicing the
message is sent into the ReceiveFax dialplan application
while using the res_fax_spandsp module.

Note that this crash does not occur when using the
res_fax_digium module.

While this crash technically occurs due to a configuration
issue, as attempting to receive a fax from a channel driver
that only contains textual information will never succeed,
the likelihood of having it occur is sufficiently high as
to warrant this advisory.

Resolution The fax family of applications have been updated to handle
the Message channel driver correctly. Users using the fax
family of applications along with the out of call text
messaging features are encouraged to upgrade their versions
of Asterisk to the versions specified in this security
advisory.

Additionally, users of Asterisk are encouraged to use a
separate dialplan context to process text messages. This
avoids issues where the Message channel driver is passed to
dialplan applications that assume a media stream is
available. Note that the various channel drivers and stacks
provide such an option; an example being the SIP channel
driver’s outofcall_message_context option.

Affected Versions
Product Release
Series
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Certified Asterisk 11.6 All versions

Corrected In
Product Release
Asterisk Open Source 11.12.1, 12.5.1
Certified Asterisk 11.6-cert6

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2014-010-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2014-010-11.6.diff Certified
Asterisk
11.6

Links https://issues.asterisk.org/jira/browse/ASTERISK-24301

Asterisk Project Security Advisories are posted at

http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-010.pdf and
http://downloads.digium.com/pub/security/AST-2014-010.html

Revision History
Date Editor Revisions Made
September 18 Matt Jordan Initial Draft

Asterisk Project Security Advisory – AST-2014-010
Copyright (c) 2014 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

AST-2014-009: Remote Crash Based On Malformed SIP Subscription Requests

Asterisk Project Security Advisory – AST-2014-009

Product Asterisk
Summary Remote crash based on malformed SIP subscription
requests
Nature of Advisory Remotely triggered crash of Asterisk
Susceptibility Remote authenticated sessions
Severity Major
Exploits Known No
Reported On 30 July, 2014
Reported By Mark Michelson
Posted On 18 September, 2014
Last Updated On September 18, 2014
Advisory Contact Mark Michelson
CVE Name Pending

Description It is possible to trigger a crash in Asterisk by sending a
SIP SUBSCRIBE request with unexpected mixes of headers for
a given event package. The crash occurs because Asterisk
allocates data of one type at one layer and then interprets
the data as a separate type at a different layer. The crash
requires that the SUBSCRIBE be sent from a configured
endpoint, and the SUBSCRIBE must pass any authentication
that has been configured.

Note that this crash is Asterisk’s PJSIP-based
res_pjsip_pubsub module and not in the old chan_sip module.

Resolution Type-safety has been built into the pubsub API where it
previously was absent. A test has been added to the
testsuite that previously would have triggered the crash.

Affected Versions
Product Release
Series
Asterisk Open Source 1.8.x Unaffected
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 12.x 12.1.0 and up
Certified Asterisk 1.8.15 Unaffected
Certified Asterisk 11.6 Unaffected

Corrected In
Product Release
Asterisk Open Source 12.5.1

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-009-12.diff Asterisk
12

Links https://issues.asterisk.org/jira/browse/ASTERISK-24136

Asterisk Project Security Advisories are posted at

http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-009.pdf and
http://downloads.digium.com/pub/security/AST-2014-009.html

Revision History
Date Editor Revisions Made
19 August, 2014 Mark Michelson Initial version of document

Asterisk Project Security Advisory – AST-2014-009
Copyright (c) 2014 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.