
Asterisk 10.6.1 Now Available

The Asterisk Development Team has announced the release of Asterisk 10.6.1. This release resolves an issue reported by the community and would not have been possible without your participation. Thank you!

The following is the issue resolved in this release:

  • Remove a superfluous and dangerous freeing of an SSL_CTX. (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1

Thank you for your continued support of Asterisk!

Asterisk 10.6.0 Now Available

The Asterisk Development Team has announced the release of Asterisk 10.6.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 10.6.0 resolves several issues reported by the community, such as:

  • format_mp3: Fix a possible crash in mp3_read(). (Closes issue ASTERISK-19761. Reported by Chris Maciejewsk)
  • Fix local channel chains optimizing themselves out of a call. (Closes issue ASTERISK-16711. Reported by Alec Davis)
  • Re-add LastMsgsSent value for SIP peers. (Closes issue ASTERISK-17866. Reported by Steve Davies)
  • Prevent sip_pvt refleak when an ast_channel outlasts its corresponding sip_pvt. (Closes issue ASTERISK-19425. Reported by David Cunningham)
  • Send more accurate identification information in dialog-info SIP NOTIFYs. (Closes issue ASTERISK-16735. Reported by Maciej Krajewski)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0

Thank you for your continued support of Asterisk!

AST-2012-011: Remote Crash Vulnerability In Voice Mail Application

If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release.

Affected Versions

  Product                  Release Series          Affected
  Asterisk Open Source     1.8.x                   1.8.11 and newer
  Asterisk Open Source     10.x                    10.3 and newer
  Certified Asterisk       1.8.11-certx            All versions
  Asterisk Digiumphones    10.x.x-digiumphones     All versions

Corrected In

  Product                  Release
  Asterisk Open Source     1.8.13.1, 10.5.2
  Certified Asterisk       1.8.11-cert4
  Asterisk Digiumphones    10.5.2-digiumphones

Skinny Channel Driver Remote Crash Vulnerability

A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages were sent after a previously registered station sent an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver inappropriately dereferences a NULL pointer.

Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the “Off Hook” call state and crash the server.

Now the presence of a device for a line is checked in the appropriate channel callbacks, preventing the crash.

You can download the latest Asterisk packages in the download section, as usual.

Stay tuned for more security updates.

Asterisk 10.5.0 Now Available

The Asterisk Development Team has announced the release of Asterisk 10.5.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 10.5.0 resolves several issues reported by the community and would not have been possible without your participation. Thank you!

The following is a sample of the issues resolved in this release:

  • Turn off warning message when bind address is set to any. (Closes issue ASTERISK-19456. Reported by Michael L. Young)
  • Prevent overflow in calculation in ast_tvdiff_ms on 32-bit machines. (Closes issue ASTERISK-19727. Reported by Ben Klang)
  • Make DAHDISendCallreroutingFacility wait 5 seconds for a reply before disconnecting the call. (Closes issue ASTERISK-19708. Reported by mehdi Shirazi)
  • Fix recalled party B feature flags for a failed DTMF atxfer. (Closes issue ASTERISK-19383. Reported by lgfsantos)
  • Fix DTMF atxfer running h exten after the wrong bridge ends. (Closes issue ASTERISK-19717. Reported by Mario)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0

Thank you for your continued support of Asterisk!

Heap Buffer Overflow in Skinny Channel Driver

In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

The length of the buffer is now checked before a value is appended to the end of the buffer.
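A constructed model of the defect and its fix, added here as an illustration and not taken from the Asterisk source: a fixed-capacity heap buffer of queued DTMF digits, the unchecked append that lets one more KEYPAD_BUTTON_MESSAGE than the buffer holds write past the allocation, and the bounds-checked append that rejects the digit instead. The queue structure, capacity and function names are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical queue of pending DTMF digits, allocated on the heap
 * (a stand-in for the Skinny driver's buffer; not Asterisk code). */
struct dtmf_queue {
    char  *buf;   /* heap buffer holding queued digits */
    size_t cap;   /* allocated capacity in digits */
    size_t len;   /* digits currently queued */
};

struct dtmf_queue *dtmf_queue_new(size_t cap) {
    struct dtmf_queue *q = calloc(1, sizeof(*q));
    if (!q) return NULL;
    q->buf = calloc(cap, 1);
    if (!q->buf) { free(q); return NULL; }
    q->cap = cap;
    return q;
}

void dtmf_queue_free(struct dtmf_queue *q) {
    if (!q) return;
    free(q->buf);
    free(q);
}

/* Before the fix: each message appends one digit with no length check,
 * so once len reaches cap the store lands past the end of the heap block. */
void dtmf_append_unchecked(struct dtmf_queue *q, char digit) {
    q->buf[q->len++] = digit;   /* heap overflow when len == cap */
}

/* After the fix: check the length first and drop the digit when full. */
bool dtmf_append_checked(struct dtmf_queue *q, char digit) {
    if (q->len >= q->cap)
        return false;           /* queue full: reject, never overrun */
    q->buf[q->len++] = digit;
    return true;
}

/* Feed n digits through the checked path into a queue of capacity cap and
 * return how many were accepted; the result can never exceed cap. */
size_t feed_digits(size_t cap, size_t n) {
    struct dtmf_queue *q = dtmf_queue_new(cap);
    if (!q) return 0;
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (dtmf_append_checked(q, (char)('0' + i % 10)))
            accepted++;
    dtmf_queue_free(q);
    return accepted;
}
```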

Affected Versions:

  Product                  Release Series     Affected
  Asterisk Open Source     1.6.2.x            All versions
  Asterisk Open Source     1.8.x              All versions
  Asterisk Open Source     10.x               All versions

Corrected In:

  Product                  Release
  Asterisk Open Source     1.6.2.24, 1.8.11.1, 10.3.1