Top
Browse > Home / Archive: August 2007

[asterisk-biz] Attractel released two new versions of Zoiper IAX and SIP softphone:

August 30, 2007

Hello,

We just released two new versions of Zoiper IAX and SIP softphone:
(Windows & Linux) - scroll down for the changelog.
Both versions are available for free at http://www.zoiper.com as usually.
We recommend everybody to upgrade.

Be sure to also check out the documentation available here:

http://www.zoiper.com/downloads/Zoiper_API_Documentation.pdf
http://www.zoiper.com/downloads/Zoiper_Provisioning_Documentation_2007.pdf
http://www.zoiper.com/downloads/Zoiper_2.0_Biz_Manual.pdf
http://www.zoiper.com/downloads/Zoiper_2.0_Free_Manual.pdf

We could use more beta testers for the version the linux and mac beta
versions, in case you experience any problems with any of the releases
do not hesitate do contact us on zoiper@asteriskguru.com
Any feature requests or gui comments (good and bad) are also very welcome.

Coming up next: nokia n800 support :)

---------
changelog:

- Zoiper 2.07 for Windows contains various additions and fixes, namely:

* Added iLBC 20 support
* Added forced unmute microphone (USB handset case) - fixes issues
with several usb handsets (plantronics on vista being one of them)
* Added VPN support (RTP Media address option is now ignored)
* Added selectable Strip dial characters option (Biz)
* Added IMessageFilter implementation (API with Biz)
* Extended API functionality (Biz)
* Fixed deadlock issues with SIP calls
* Fixed major mixer issues
* Fixed 100% CPU utilization on some machines
* Fixed attended transfer (wrong Refer header field bug)
* Fixed "Failed to set data for" bug
* Fixed font scaling problems
* Fixed bug when deleting the last account
* Fixed bug with New account. Now it is not selectable, just clickable
* Fixed bug when the phone starts in COM mode it tries to dial
-Embedding
* Fixed on error exit crash
* Fixed conference hold bug when a call is removed from a conference
* Fixed unknown incoming RTP packets handling
* Fixed call reject issues
* Fixed crash when changing the language after changing the number
of lines.(Biz)
* Removed IPV6 support in the resolver which caused major resolving
issues

Or contact the Zoiper Sales Department at: zoiper@asteriskguru.com

- Zoiper 2.0 Free for Linux Beta 2:

* Implemented support for ALSA
* Implemented Zoiper in several additional languages: German,
Spanish, French and Dutch
* Added descriptions for call termination
* Implemented a log window (available via "Show log" menu)
* Fixed removing startup entry on KDE and Xfce
* Fixed transparency problem on Gnome (pink edges)

Written by Voip Phreak · Filed Under News 

[asterisk-biz] Voix Manager 1 Beta 3 has been released

August 30, 2007

Voix Manager 1 Beta 3 has been released, we have improved usability,
added internationalization, made lot of resources optimizations,
improved the zaptel channel management, fixed a bug with the speex
codec and some other minor bugs. This version is an important upgrade.
Currently exist Translation for English, German and Italian, soon we
will add new languages.
If you are interested to translate it in a particular language please
contact meThis e-mail address is being protected from spam bots, you
need JavaScript enabled to view it , I'll give you all the necessary
instructions.
You cand donwnload it here: http://www.voix.it/

Luciano

Written by Voip Phreak · Filed Under News 

[jadmin] jabberd-2.1.15 release

August 27, 2007

It's time for another jabberd 2.1 series release.

Get 2.1.15 release as usual at:
http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.1.15.tar.gz
http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.1.16.tar.bz2

and read: http://svn.xiaoka.com/jabberd2/trunk/UPGRADE

This is a bugfix release.
Mostly for 64bit platform related issues.

ChangeLog:
* Check for SASL before - fixes #139
* Fixed sha1 generation on 64 bit platforms
* Using OpenSSL MD5() implementation when available
* Using OpenSSL SHA1() implementation when available
* Removed ZeroK support in Oracle AuthReg?
* Added missing checks for compilation without SSL which fixes #130

For a full ChangeLog see:
http://svn.xiaoka.com/jabberd2/trunk/ChangeLog

Written by Voip Phreak · Filed Under Jabber, News 

[asterisk-security] AST-2007-020: Resource Exhaustion vulnerability in SIP channel driver

August 21, 2007

Asterisk Project Security Advisory - AST-2007-020

+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Resource Exhaustion vulnerability in SIP channel |
| | driver |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Denial of Service |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| Reported On | August 9, 2007 |
|--------------------+---------------------------------------------------|
| Reported By | Jon Moldenauer (bugs.digium.com user |
| | jmoldenhauer) |
|--------------------+---------------------------------------------------|
| Posted On | August 21, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | August 21, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Russell Bryant |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-4455 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description | The handling of SIP dialog history was broken during the |
| | development of Asterisk 1.4. Regardless of whether |
| | recording SIP dialog history is turned on or off, the |
| | history is still recorded in memory. Furthermore, there |
| | is no upper limit on how many history items will be |
| | stored for a given SIP dialog. |
| | |
| | It is possible for an attacker to use up all of the |
| | system's memory by creating a SIP dialog that records |
| | many entires in the history and never ends. It is also |
| | worth noting for the sake of doing the math to calculate |
| | what it would take to exploit this that each SIP history |
| | entry will take up a maximum of 88 bytes. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution | The fix that has been added to chan_sip is to restore the |
| | functionality where SIP dialog history is not recorded in |
| | memory if it is not enabled. Furthermore, a maximum of 50 |
| | entires in the history will be stored for each dialog |
| | when recording history is turned on. |
| | |
| | The only way to avoid this problem in affected versions |
| | of Asterisk is to disable chan_sip. If chan_sip is being |
| | used, the system must be upgraded to a version that has |
| | this issue resolved. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.0.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.11 |
|----------------------------------+-------------+-----------------------|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------------+-------------+-----------------------|
| AsteriskNOW | pre-release | All versions prior to |
| | | beta7 |
|----------------------------------+-------------+-----------------------|
| Asterisk Appliance Developer Kit | 0.x.x | All versions prior to |
| | | 0.8.0 |
|----------------------------------+-------------+-----------------------|
| s800i (Asterisk Appliance) | 1.0.x | All versions prior to |
| | | 1.0.3 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|---------------+--------------------------------------------------------|
| Asterisk Open | 1.4.11, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+--------------------------------------------------------|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
| | Beta5 and Beta6 users can update using the system |
| | update feature in the appliance control panel. |
|---------------+--------------------------------------------------------|
| Asterisk | 0.8.0, available from |
| Appliance | http://downloads.digium.com/pub/telephony/aadk |
| Developer Kit | |
|---------------+--------------------------------------------------------|
| s800i | 1.0.3 |
| (Asterisk | |
| Appliance) | |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=10421 |
| | |
| | http://bugs.digium.com/view.php?id=10418 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security. |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/asa/AST-2007-020.pdf and |
| http://downloads.digium.com/pub/asa/AST-2007-020.html. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|---------------------+------------------------+-------------------------|
| August 21, 2007 | russell@digium.com | Initial Release |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2007-020
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

Written by Voip Phreak · Filed Under News, Security 

Sykpe’s Outage caused by exploit?

August 20, 2007

It appears that lasts week's Skype service disruptions are associated with a
malformed address URI submitted by a Skype client. Sending a long malformed
Found this on the voipsec list.... interesting..

URI cripples the Skype server which causes the Skype client to reconnect to
the next Skype server and submits the same query which has the same effect.
In essence the attacker can traverse the list of Skype servers and disrupt
the entire Skype network.

Here is the link to the code.
http://en.securitylab.ru/poc/extra/301419.php

Does anyone have any additional info on this?

Peter

Written by Voip Phreak · Filed Under News, Security 

[asterisk-users] Zaptel 1.2.20 and 1.4.5 released

August 20, 2007

The Asterisk.org development team has announced the release of Zaptel
versions 1.2.20 and 1.4.5. These releases are maintenance releases that
fix various known issues. See the ChangeLog included in the releases for
a full list of changes. The ChangeLogs are also available separately on
the ftp site.

This release also contains support for Digium's new 32 channel hardware
echo canceler (VPMADT032) for the TDM800P and TDM2400P.

Warning to TDM800P and TDM2400P users with FXO modules:
Unless your TDM card contains a VPM100M echo canceler, you will notice
an increase in your volume levels after upgrading to this release of
Zaptel. You may wish to compensate for this change in zapata.conf.

Both releases are available as a tarball as well as a patch against the
previous release. They are available for download from http://downloads.digium.com.

Thank you for your support!

Written by Voip Phreak · Filed Under News 

[jadmin] jabberd-2.1.14 release

August 13, 2007

Time for another jabberd 2.1 series release.

Get 2.1.14 release as usual at:
http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.1.14.tar.gz
http://ftp.xiaoka.com/jabberd2/releases/jabberd-2.1.14.tar.bz2

and read: http://svn.xiaoka.com/jabberd2/trunk/UPGRADE

One new feature and some fixes.
This one should compile cleanly on Sun at last.

ChangeLog:
* Integrated authreg_oracle by fundy. Closes #129
* Operands incompatibility fix for Sun compiler. Fixes #111
* contrib/cyrus-sasl-digest-md5-fix added
* Applied MIO memleak fix related to time_checks by Christof Meerwald. Refs #124, fixes #78

For a full ChangeLog see:
http://svn.xiaoka.com/jabberd2/trunk/ChangeLog

Written by Voip Phreak · Filed Under Jabber, News 

Next Page »

Bottom