Name : asterisk
Product : Fedora 15
Version : 1.8.7.1
Release : 1.fc15
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
---------------------------------------------------------------------------=
-----
Update Information:
The Asterisk Development Team has announced a security release for Asterisk=
1.8.
The available security release is released as version 1.8.7.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic=
h can
lead to a remotely exploitable crash:
Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
The issue and resolution is described in the AST-2011-012 security
advisory.
For more information about the details of this vulnerability, please read t=
he
security advisory AST-2011-012, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8=
.7.1
Security advisory AST-2011-012 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
---------------------------------------------------------------------------=
-----
ChangeLog:
* Mon Oct 17 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asteri=
sk 1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh=
ich can
- lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read=
the
- security advisory AST-2011-012, which was released at the same time as th=
is
- announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.7.1
* Mon Oct 3 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.7.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.7.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- Please note that a significant numbers of changes and fixes have gone into
- features.c in this release (call parking, built-in transfers, call pickup,
- etc.).
-
- NOTE:
-
- Recently, we were notified that the mechanism included in our Asterisk so=
urce
- code releases to download and build support for the iLBC codec had stopped
- working correctly; a little investigation revealed that this occurred bec=
ause of
- some changes on the ilbcfreeware.org website. These changes occurred as a=
result
- of Google's acquisition of GIPS, who produced (and provided licenses
for)=
the
- iLBC codec.
-
- If you are a user of Asterisk and iLBC together, and you've already
execu=
ted a
- license agreement with GIPS, we believe you can continue using iLBC with
- Asterisk. If you are a user of Asterisk and iLBC together, but you had not
- executed a license agreement with GIPS, we encourage you to research the
- situation and consult with your own legal representatives to determine wh=
at
- actions you may want to take (or avoid taking).
-
- More information is available on the Asterisk blog:
-
- http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googl=
es-acquisition-of-gips/
-
- The following is a sample of the issues resolved in this release:
-
- * Added the 'storesipcause' option to sip.conf to allow the user to
disab=
le the
- setting of HASH(SIP_CAUSE,) on the channel. Having chan_sip set
- HASH(SIP_CAUSE,) on the channel carries a significant performance
- penalty because of the usage of the MASTER_CHANNEL() dialplan function.
-
- We've decided to disable this feature by default in future 1.8
versions.=
This
- would be an unexpected behavior change for anyone depending on that SIP_=
CAUSE
- update in their dialplan. Please refer to the asterisk-dev mailing list =
more
- information:
-
- http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
-
- * Significant fixes and improvements to parking lots.
- (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430, ASTERISK-=
17452,
- ASTERISK-17452, ASTERISK-15792. Reported by: David Cabrejos, Remi Quezad=
a,
- Philippe Lindheimer, David Woolley, Mat Murdock. Patched by: rmudgett)
-
- * Numerous issues have been reported for deadlocks that are caused by a b=
locking
- read in res_timing_timerfd on a file descriptor that will never be writt=
en to.
-
- A change to Asterisk adds some checks to make sure that the timerfd is b=
oth
- valid and armed before calling read(). Should fix: ASTERISK-18142,
- ASTERISK-18197, ASTERISK-18166 and possibly others.
- (In essence, this change should make res_timing_timerfd usable.)
-
- * Resolve segfault when publishing device states via XMPP and not connect=
ed.
- (Closes issue ASTERISK-18078. Reported, patched by: Michael L. Young. Te=
sted
- by Jonathan Rose)
-
- * Refresh peer address if DNS unavailable at peer creation.
- (Closes issue ASTERISK-18000)
-
- * Fix the missing DAHDI channels when using the newer chan_dahdi.conf sec=
tions
- for channel configuration.
- (Closes issue ASTERISK-18496. Reported by Sean Darcy. Patched by Richard
- Mudgett)
-
- * Remove unnecessary libpri dependency checks in the configure script.
- (Closes issue ASTERISK-18535. Reported by Michael Keuter. Patched by Ric=
hard
- Mudgett)
-
- * Update get_ilbc_source.sh script to work again.
- (Closes issue ASTERISK-18412)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
* Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-4
- Add additional patch for res_pktccops.
* Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-3
- Add patch to fix compatibility with 389 directory server.
* Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-2
- Add patches to fix many bug reports from bugzilla.
* Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.6.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix an issue with Music on Hold classes losing files in playlist when r=
ealtime
- is used.
- (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I=
gor
- Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor=
ming a
- 'sip reload' from the console.
- (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu=
dgett)
-
- * Address some improper sql statements in res_odbc that would cause an up=
date
- to fail on realtime peers due to trying to set as "(NULL)" rather
than an
- actual NULL.
- (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti=
lghman
- Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number o=
f times
- regardless to receipt of ACK.
- (Patched by Richard Mudgett)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
- always request PIN(P) options, MeetMe will ask for the PIN two times: on=
ce for
- creating the conference and once for entering the conference.
- (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
- http://www.telepermit.co.nz/TNA102.pdf
- (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- * Segfault in shell_helper in func_shell.c
- (Closes issue ASTERISK-18109. Reported by Michael Myles, patched by Rich=
ard
- Mudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0
* Tue Aug 23 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-0.2.rc2
- The Asterisk Development Team has announced the second release candidate =
of
- Asterisk 1.8.6.0. This release candidate is available for immediate downl=
oad at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc2 resolves several issues reported by t=
he
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * --- Segfault in shell_helper in func_shell.c ---
- (Closes issue ASTERISK-18109.
- Reported by Michael Myles, patched by Richard Mudgett)
-
- * --- Re-add support for spaces in pathnames ---
- (Closes issue ASTERISK-18290.
- Reported by Paul Belanger, patched by Tilghman Lesher)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc2
* Thu Aug 11 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-0.1.rc1
- The Asterisk Development Team announces the first release candidate of
- Asterisk 1.8.6.0. This release candidate is available for immediate downl=
oad at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.6.0-rc1 resolves several issues reported by t=
he
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * Fix an issue with Music on Hold classes losing files in playlist when r=
ealtime
- is used.
- (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I=
gor
- Goncharovsky)
-
- * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor=
ming a
- 'sip reload' from the console.
- (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu=
dgett)
-
- * Address some improper sql statements in res_odbc that would cause an up=
date
- to fail on realtime peers due to trying to set as "(NULL)" rather
than an
- actual NULL.
- (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti=
lghman
- Lesher)
-
- * Resolve issue where 403 Forbidden would always be sent maximum number o=
f times
- regardless to receipt of ACK.
- (Patched by Richard Mudgett)
-
- * Updated chan_gtalk to work with changes made by Google.
- (Closes issue ASTERISK-18804. Patched by Terry Wilson)
-
- * Resolve issue where if a call to MeetMe includes both the dynamic(D) and
- always request PIN(P) options, MeetMe will ask for the PIN two times: on=
ce for
- creating the conference and once for entering the conference.
- (Patched by Kinsey Moore)
-
- * Fix New Zealand indications profile based on
- http://www.telepermit.co.nz/TNA102.pdf
- (Closes issue ASTERISK-16263. Reported, Patched by richardf)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc1
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. =
This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,=
ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo=
is,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requ=
ests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a s=
pied on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option
for al=
ways
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs=
up. If
- the call that the dialplan started an AGI script for is hungup while the=
AGI
- script is in the middle of a command then the AGI script is not notified=
of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu=
dgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent.=
The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa=
rd
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from=
issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul 7 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
* Fri Jul 1 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.1.rc1
- Fix systemd dependencies in EL6 and F15
* Thu Jun 30 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.1.rc1
- The Asterisk Development Team has announced the first release candidate of
- Asterisk 1.8.5. This release candidate is available for immediate downloa=
d at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidat=
e:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,=
ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo=
is,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requ=
ests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a s=
pied on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option
for al=
ways
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs=
up. If
- the call that the dialplan started an AGI script for is hungup while the=
AGI
- script is in the middle of a command then the AGI script is not notified=
of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu=
dgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent.=
The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa=
rd
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from=
issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- * Fix timerfd locking issue.
- (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
* Thu Jun 30 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.4-2
- Fedora Directory Server -> 389 Directory Server
* Wed Jun 29 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.4-1
- The Asterisk Development Team has announced the release of Asterisk
- versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security
- releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
- following issue:
-
- AST-2011-011: Asterisk may respond differently to SIP requests from an
- invalid SIP user than it does to a user configured on the system, even
- when the alwaysauthreject option is set in the configuration. This can
- leak information about what SIP users are valid on the Asterisk
- system.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-011, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the Change=
Log:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.4.41.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.6.2.18.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.4
-
- Security advisory AST-2011-011 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-011.pdf
* Mon Jun 27 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-3
- Don't forget stereorize
* Mon Jun 27 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-2
- Move /var/run/asterisk to /run/asterisk
- Add comments to systemd service file on how to mimic safe_asterisk functi=
onality
- Build more of the optional binaries
- Install the tmpfiles.d configuration on Fedora 15
* Fri Jun 24 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-1
- The Asterisk Development Team has announced the release of Asterisk versi=
ons
- 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several =
issues
- as outlined below:
-
- * AST-2011-008: If a remote user sends a SIP packet containing a null,
- Asterisk assumes available data extends past the null to the
- end of the packet when the buffer is actually truncated when
- copied. This causes SIP header parsing to modify data past
- the end of the buffer altering unrelated memory structures.
- This vulnerability does not affect TCP/TLS connections.
- -- Resolved in 1.6.2.18.1 and 1.8.4.3
-
- * AST-2011-009: A remote user sending a SIP packet containing a Contact h=
eader
- with a missing left angle bracket (<) causes Asterisk to
- access a null pointer.
- -- Resolved in 1.8.4.3
-
- * AST-2011-010: A memory address was inadvertently transmitted over the
- network via IAX2 via an option control frame and the remote party would =
try
- to access it.
- -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
-
- The issues and resolutions are described in the AST-2011-008, AST-2011-00=
9, and
- AST-2011-010 security advisories.
-
- For more information about the details of these vulnerabilities, please r=
ead
- the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, whi=
ch were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the Change=
Log:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.4.41.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.6.2.18.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.3
-
- Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are avai=
lable
- at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
* Tue Jun 21 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.2-2
- Convert to systemd
* Fri Jun 17 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <mmaslano@redhat.co=
m> - 1.8.4.2-1.2
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <mmaslano@redhat.co=
m> - 1.8.4.2-1.1
- Perl 5.14 mass rebuild
* Fri Jun 3 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.2-1:
-
- The Asterisk Development Team has announced the release of Asterisk
- version 1.8.4.2, which is a security release for Asterisk 1.8.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.4.2 resolves an issue with SIP URI
- parsing which can lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-007)
-
- The issue and resolution is described in the AST-2011-007 security
- advisory.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-007, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current release, please see the ChangeL=
og:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1=
.8.4.2
-
- Security advisory AST-2011-007 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-007.pdf
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.4=
.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4.1 resolves several issues reported by the
- community. Without your help this release would not have been possible.
- Thank you!
-
- Below is a list of issues resolved in this release:
-
- * Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
- (Closes issue #18951. Reported by jmls. Patched by wdoekes)
-
- * Resolve a change in IPv6 header parsing due to the Cisco phone fix iss=
ue.
- This issue was found and reported by the Asterisk test suite.
- (Closes issue #18951. Patched by mnicholson)
-
- * Resolve potential crash when using SIP TLS support.
- (Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by
- vois, Chainsaw)
-
- * Improve reliability when using SIP TLS.
- (Closes issue #19182. Reported by st. Patched by mnicholson)
-
-
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1
- The Asterisk Development Team has announced the release of Asterisk 1.8.4=
. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4 resolves several issues reported by the com=
munity.
- Without your help this release would not have been possible. Thank you!
-
- Below is a sample of the issues resolved in this release:
-
- * Use SSLv23_client_method instead of old SSLv2 only.
- (Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by r=
ussell
- and chazzam.
-
- * Resolve crash in ast_mutex_init()
- (Patched by twilson)
-
- * Resolution of several DTMF based attended transfer issues.
- (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
- shihchuan, grecco. Patched by rmudgett)
-
- NOTE: Be sure to read the ChangeLog for more information about these ch=
anges.
-
- * Resolve deadlocks related to device states in chan_sip
- (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
-
- * Resolve an issue with the Asterisk manager interface leaking memory wh=
en
- disabled.
- (Reported internally by kmorgan. Patched by russellb)
-
- * Support greetingsfolder as documented in voicemail.conf.sample.
- (Closes issue #17870. Reported by edhorton. Patched by seanbright)
-
- * Fix channel redirect out of MeetMe() and other issues with channel sof=
thangup
- (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
- Patched by russellb)
-
- * Fix voicemail sequencing for file based storage.
- (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
- jpeeler)
-
- * Set hangup cause in local_hangup so the proper return code of 486 inst=
ead of
- 503 when using Local channels when the far sides returns a busy. Also a=
ffects
- CCSS in Asterisk 1.8+.
- (Patched by twilson)
-
- * Fix issues with verbose messages not being output to the console.
- (Closes issue #18580. Reported by pabelanger. Patched by qwell)
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by
- alecdavid, Irontec, ZX81, cmaj)
-
- Includes changes per AST-2011-005 and AST-2011-006
- For a full list of changes in this release candidate, please see the Chan=
geLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4
-
- Information about the security releases are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
---------------------------------------------------------------------------=
-----
References:
[ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d=
river (AST-2011-012)
https://bugzilla.redhat.com/show_bug.cgi?id=3D746817
---------------------------------------------------------------------------=
-----
This update can be installed with the "yum" update program. Use =
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
