and AST-2012-015. Apparently the last update didn't completely
fix the issues.
The Asterisk Development Team has announced a security release for
Asterisk 11, Asterisk 11.1.2. This release addresses the security
vulnerabilities reported in AST-2012-014 and AST-2012-015, and
replaces the previous version of Asterisk 11 released for these
security vulnerabilities. The prior release left open a vulnerability
in res_xmpp that exists only in Asterisk 11; as such, other versions
of Asterisk were resolved correctly by the previous releases.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions. The vulnerabilities in SIP and HTTP were corrected in a prior
release of Asterisk; the vulnerability in XMPP is resolved in this release.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of. Handling the cachability of device states
aggregated via XMPP is handled in this release.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk - and we apologize for having
to do this twice!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
As this is a major release, you should read the information about updating:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
You can also find documentation in: /usr/pkg/share/doc/asterisk
----- 11.1.0:
The Asterisk Development Team has announced the release of Asterisk 11.1.0.
The release of Asterisk 11.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix execution of 'i' extension due to uninitialized variable.
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Fix ConfBridge crash if no timing module loaded.
* --- Fix the Park 'r' option when a channel parks itself.
* --- Fix an issue where outgoing calls would fail to establish audio
due to ICE negotiation failures.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.1.0
----- 11.0.1:
The Asterisk Development Team has announced the release of Asterisk 11.0.1.
The release of Asterisk 11.0.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- chan_sip: Fix a bug causing SIP reloads to remove all entries
from the registry
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix an issue with res_http_websocket where the chan_sip
WebSocket handler could not be registered.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1
Thank you for your continued support of Asterisk!
----- 11.0.0:
The Asterisk Development Team is pleased to announce the release of
Asterisk 11.0.0.
Asterisk 11 is the next major release series of Asterisk. It is a Long Term
Support (LTS) release, similar to Asterisk 1.8. For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
For important information regarding upgrading to Asterisk 11, please see the
Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
A short list of new features includes:
* A new channel driver named chan_motif has been added which provides support
for Google Talk and Jingle in a single channel driver. This new channel
driver includes support for both audio and video, RFC2833 DTMF, all codecs
supported by Asterisk, hold, unhold, and ringing notification. It is also
compliant with the current Jingle specification, current Google Jingle
specification, and the original Google Talk protocol.
* Support for the WebSocket transport for chan_sip.
* SIP peers can now be configured to support negotiation of ICE candidates.
* The app_page application now no longer depends on DAHDI or app_meetme. It
has been re-architected to use app_confbridge internally.
* Hangup handlers can be attached to channels using the CHANNEL() function.
Hangup handlers will run when the channel is hung up similar to the h
extension; however, unlike an h extension, a hangup handler is associated with
the actual channel and will execute anytime that channel is hung up,
regardless of where it is in the dialplan.
* Added pre-dial handlers for the Dial and Follow-Me applications. Pre-dial
allows you to execute a dialplan subroutine on a channel before a call is
placed but after the application performing a dial action is invoked. This
means that the handlers are executed after the creation of the callee
channels, but before any actions have been taken to actually dial the callee
channels.
* Log messages can now be easily associated with a certain call by looking at
a new unique identifier, "Call Id". Call ids are attached to log messages for
just about any case where it can be determined that the message is related
to a particular call.
* Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in
Asterisk. Unlike traditional ACLs defined in specific module configuration
files, Named ACLs can be shared across multiple modules.
* The Hangup Cause family of functions and dialplan applications allow for
inspection of the hangup cause codes for each channel involved in a call.
This allows a dialplan writer to determine, for each channel, who hung up and
for what reason(s).
* Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE()
lets you set some of the configuration options from the general section
of features.conf on a per-channel basis. FEATUREMAP() lets you customize
the key sequence used to activate built-in features, such as blindxfer,
and automon.
* Support for DTLS-SRTP in chan_sip.
* Support for named pickupgroups/callgroups, allowing any number of pickupgroups
and callgroups to be defined for several channel drivers.
* IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework.
More information about the new features can be found on the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation
A full list of all new features can also be found in the CHANGES file.
http://svnview.digium.com/svn/asterisk/branches/11/CHANGES
For a full list of changes in the current release, please see the ChangeLog.
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.0.0
Thank you for your continued support of Asterisk!
hex digits, so patching the makefile to compare it as decimal will
not work. Just patch out the test entirely, as pkgsrc guarantees
curl will always be present and the packaging is not equipped to
deal with this check failing anyhow.
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010. The
problem in AST-2009-008 is:
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of "403 Authentication user name does not
match account name". If the peer does not exist the response will
be "404 Not Found" if alwaysauthreject is disabled and "401
Unauthorized" if alwaysauthreject is enabled.
-----
And, the problem in AST-2009-010 is:
-----
An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.
-----
* channels/chan_sip.c: Copy the From header into a variable so that
pedantic SIP handling does not try to mess with a NULL pointer.
(AST-2008-008)
* channels/chan_iax2.c: When we receive a full frame that is
supposed to contain our call number, ensure that it has the
correct one. (closes issue #10078) (AST-2008-006)
Update for several critical security issues:
* astobj.h: Fix character string being treated as format string
* chan_sip.c: Do not return with a successful
authentication if the From header ends up empty. (AST-2008-003)
* chan_iax2.c: Fix another potential seg fault (closes issue #11606)
* chan_iax2.c: Fix a couple of places where it's possible
to dereference a NULL pointer.
* chan_sip.c, channels/chan_iax2.c: Fixing AST-2007-027
* cdr_pgsql.c: Properly escape src and dst fields (Fixes AST-2007-026)
Version 1.2.24 is the final 1.2 release that contains normal bug fixes.
The 1.2 branch will only be maintained with security fix releases from
now until it is completely deprecated.
* channels/chan_iax2.c: Don't create the Asterisk channel until we
are starting the PBX on it. (ASA-2007-018)
* channels/chan_agent.c: (closes issue #5866) Reported by: tyler Do
not force channel format changes when a generator is present. The
generator may have changed the formats itself and changing them
back would cause issues.
* channels/chan_sip.c: (closes issue #10236) Reported by: homesick
Patches: rpid_1.4_75840.patch uploaded by homesick (license 91)
Accept Remote Party ID on guest calls.
* include/asterisk/app.h: We should not use C++ reserved words in
API headers (closes issue #10266)
* channels/chan_sip.c: Backport a fix for a memory leak that was
fixed in trunk in reivision 76221 by rizzo. The memory used for
the localaddr list was not freed during a configuration reload.
* channels/chan_sip.c: (closes issue #10247) Reported by:
fkasumovic Patches: chan_sip.patch uploaded by fkasumovic
(license #101) Drop any peer realm authentication entries when
reloading so multiple entries do not get added to the peer.
* channels/chan_iax2.c: When processing full frames, take sequence
number wraparound into account when deciding whether or not we
need to request retransmissions by sending a VNAK. This code
could cause VNAKs to be sent erroneously in some cases, and to
not be sent in other cases when it should have been. (closes
issue #10237, reported and patched by mihai)
* channels/chan_iax2.c: When traversing the queue of frames for
possible retransmission after receiving a VNAK, handle sequence
number wraparound so that all frames that should be retransmitted
actually do get retransmitted. (issue #10227, reported and
patched by mihai)
* apps/app_voicemail.c: Store prior to copy (closes issue #10193)
* apps/app_queue.c: removed the word 'pissed' from ast_log(...)
* channels/chan_skinny.c: Properly check for the length in the
skinny packet to prevent an invalid memcpy. (ASA-2007-016)
* channels/iax2-parser.h, channels/chan_iax2.c,
channels/iax2-parser.c: Ensure that when encoding the contents of
an ast_frame into an iax_frame, that the size of the destination
buffer is known in the iax_frame so that code won't write past
the end of the allocated buffer when sending outgoing frames.
(ASA-2007-014)
* channels/chan_iax2.c: After parsing information elements in IAX
frames, set the data length to zero, so that code later on does
not think it has data to copy. (ASA-2007-015)
* res/res_musiconhold.c: Fix a couple potential minor memory leaks.
load_moh_classes() could return without destroying the loaded
configuration.
* apps/app_chanspy.c: Fixed an issue where chanspy flags were
uninitialized if no options were passed.
* res/res_musiconhold.c: Ensure that adding a user to the list of
users of a specific music on hold class is not done at the same
time as any of the other operations on this list to prevent list
corruption.
* channels/chan_iax2.c: The function make_trunk() can fail and
return -1 instead of a valid new call number. Fix the uses of
this function to handle this instead of treating it as the new
call number. This would cause a deadlock and memory corruption.
* channels/chan_agent.c: The cli command "agent logoff Agent/x
soft" did not work...at all. Now it does.
* res/res_config_odbc.c: Make sure that the ESCAPE immediately
follows the condition that uses LIKE. This fixes realtime
extensions with ODBC.
* apps/app_queue.c: Fix an issue where it was possible to have a
service level of over 100% Between the time recalc_holdtime and
update_queue was called, it was possible that the call could have
been hungup.
* dns.c: Use res_ndestroy on systems that have it. Otherwise, use
res_nclose. This prevents a memleak on NetBSD - and possibly
others.
This release is a regular maintenance release. It has been made just
a couple of weeks after the previous set of releases because the
development team has been working especially hard on fixing bugs
lately. There has been a large volume of issues fixed in just two weeks.
