The Asterisk Development Team has announced the release of Asterisk 10.9.0.
The release of Asterisk 10.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix channel reference leak in ChanSpy.
* --- dsp.c: Fix multiple issues when no-interdigit delay is present,
and fast DTMF 50ms/50ms
* --- Fix bug where final queue member would not be removed from
memory.
* --- Fix memory leak when CEL is successfully written to PostgreSQL
database
* --- Fix DUNDi message routing bug when neighboring peer is
unreachable
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.9.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.17.0.
The release of Asterisk 1.8.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix channel reference leak in ChanSpy.
* --- dsp.c: Fix multiple issues when no-interdigit delay is present,
and fast DTMF 50ms/50ms
* --- Fix bug where final queue member would not be removed from
memory.
* --- Fix memory leak when CEL is successfully written to PostgreSQL
database
* --- Fix DUNDi message routing bug when neighboring peer is
unreachable
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.17.0
Thank you for your continued support of Asterisk!
This is the second attempt to fix the build problem that some people
have seen (I have received inconsistent reports). This should
force chan_mgcp to build on systems where it can. It was tested
on NetBSD 5.0, thus ensuring that it doesn't break previously
working systems; and NetBSD 6.99.7, where I finally saw the problem
that some people were reporting.
21st, 2012. It most likely has multiple security issues. By this
point, all users of this package should have migrated to comms/asterisk18
or comms/asterisk10 as this version has been marked as being
deprecated for some time now.
Note that this directory is likely to re-appear in late 2017 when
Asterisk 16 comes out, assuming the current schedule is followed.
However that will be a vastly different version as Asterisk 11 is
only in the RC stage now (i.e. it will be five major versions after
the one that is expected to be released later this year).
AST-2012-013, and some general bugs.
The Asterisk Development Team has announced the release of Asterisk 1.8.16.0.
The release of Asterisk 1.8.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
ExternalIVR
* --- AST-2012-013: Resolve ACL rules being ignored during calls by
some IAX2 peers
* --- Handle extremely out of order RFC 2833 DTMF
* --- Resolve severe memory leak in CEL logging modules.
* --- Only re-create an SRTP session when needed; respond with correct
crypto policy
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.16.0
Thank you for your continued support of Asterisk!
AST-2012-013, and some general bugs.
The Asterisk Development Team has announced the release of Asterisk 10.8.0.
The release of Asterisk 10.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
ExternalIVR
* --- AST-2012-013: Resolve ACL rules being ignored during calls by
some IAX2 peers
* --- Handle extremely out of order RFC 2833 DTMF
* --- Resolve severe memory leak in CEL logging modules.
* --- Only re-create an SRTP session when needed
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.8.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
The release of Asterisk 10.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Set the Caller ID "tag" on peers even if remote party
information is present.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.7.0
Thank you for your continued support of Asterisk!
The release of Asterisk 1.8.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Make the address family filter specific to the transport.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.15.0
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is only built in some situation
instead of adding gross hacks
- upgrade to Asterisk 10.6.1: this is a bugfix release
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is built only in some situations
instead of adding gross hacks
- upgrade to Asterisk 1.8.14.1: this is a bugfix release
The release of Asterisk 1.8.14.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
Thank you for your continued support of Asterisk!
This package has not been patched for DragonFly.
There are two newer packages, asterisk10 and asterisk18
According to commit messages, this package will be removed in
"not too distant future" due to being EOL.
The Asterisk Development Team has announced the release of Asterisk 10.6.0.
The release of Asterisk 10.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Re-add LastMsgsSent value for SIP peers
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.14.0.
The release of Asterisk 1.8.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Update a peer's LastMsgsSent when the peer is notified of
waiting messages
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.0
Thank you for your continued support of Asterisk!
and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 nd Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
Thank you for your continued support of Asterisk!
AST-2012-010 and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/pST-2012-011.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced a security release for
Asterisk 10. This security release is released as version 10.5.1.
The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 10.5.1 resolves the following issue:
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client sends an Off Hook
message, followed by a Key Pad Button Message, a structure that
was previously set to NULL is dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
This issue and its resolution is described in the security advisory.
For more information about the details of this vulnerability, please
read security advisory AST-2012-009, which was released at the same
time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2012-009.pdf
Thank you for your continued support of Asterisk!
hex digits, so patching the makefile to compare it as decimal will
not work. Just patch out the test entirely, as pkgsrc guarantees
curl will always be present and the packaging is not equipped to
deal with this check failing anyhow.
The Asterisk Development Team has announced the release of Asterisk
10.5.0.
The release of Asterisk 10.5.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk
1.8.13.0.
The release of Asterisk 1.8.13.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.13.0
Thank you for your continued support of Asterisk!
AST-2012-008 along with some general bug fixes.
----- 10.4.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 10.4.2 -----
The Asterisk Development Team has announced the release of Asterisk
10.4.2.
The release of Asterisk 10.4.2 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
* --- Fix crash in ConfBridge when user announcement is played for
more than 2 users
(Closes issue ASTERISK-19899. Reported by Florian Gilcher)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.2
Thank you for your continued support of Asterisk!
and AST-2012-008 along with some general bug fixes.
----- 1.8.12.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 1.8.12.2 -----
The Asterisk Development Team has announced the release of Asterisk
1.8.12.2.
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
Thank you for your continued support of Asterisk!
