Asterisk 10.6.1 Now Available

Report
Question

The Asterisk Development Team has announced the release of Asterisk 10.6.1. This release resolves an issue reported by the community and would have not been possible without your participation. Thank you! The following is the issue resolved in this release:

  • Remove a superfluous and dangerous freeing of an SSL_CTX. (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1 Thank you for your continued support of Asterisk!

VoIP News 3 years ago 0 Answer

Asterisk 10.6.0 Now Available

Report
Question

The Asterisk Development Team has announced the release of Asterisk 10.6.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 10.6.0 resolves several issues reported by the community like:

  • format_mp3: Fix a possible crash in mp3_read(). (Closes issue ASTERISK-19761. Reported by Chris Maciejewsk)
  • Fix local channel chains optimizing themselves out of a call. (Closes issue ASTERISK-16711. Reported by Alec Davis)
  • Re-add LastMsgsSent value for SIP peers (Closes issue ASTERISK-17866. Reported by Steve Davies)
  • Prevent sip_pvt refleak when an ast_channel outlasts its corresponding sip_pvt. (Closes issue ASTERISK-19425. Reported by David Cunningham)
  • Send more accurate identification information in dialog-info SIP NOTIFYs. (Closes issue ASTERISK-16735.…

    VoIP News 3 years ago 0 Answer

AST-2012-011: Remote Crash Vulnerability In Voice Mail Application

Report
Question

If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash. Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release. Affected Versions

  • Product Release Series
  • Asterisk Open Source 1.8.x 1.8.11 and newer
  • Asterisk Open Source 10.x 10.3 and newer
  • Certified Asterisk 1.8.11-certx All versions
  • Asterisk Digiumphones 10.x.x-digiumphones All versions
Corrected In
  • Product Release
  • Asterisk Open Source 1.8.13.1, 10.5.2
  • Certified Asterisk 1.8.11-cert4
  • Asterisk Digiumphones 10.5.2-digiumphones

VoIP News 3 years ago 0 Answer

Skinny Channel Driver Remote Crash Vulnerability

Report
Question

A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and…

VoIP News 3.1 years ago 0 Answer

Asterisk 10.5.0 Now Available

Report
Question

The Asterisk Development Team has announced the release of Asterisk 10.5.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 10.5.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release:

  • Turn off warning message when bind address is set to any. (Closes issue ASTERISK-19456. Reported by Michael L. Young)
  • Prevent overflow in calculation in ast_tvdiff_ms on 32-bit  machines (Closes issue ASTERISK-19727. Reported by Ben Klang)
  • Make DAHDISendCallreroutingFacility wait 5 seconds for a reply before disconnecting the call. (Closes issue ASTERISK-19708. Reported…

    VoIP News 3.1 years ago 0 Answer