Name : asterisk Product : Fedora 15 Version : 1.8.7.1 Release : 1.fc15 URL : http://www.asterisk.org/ Summary : The Open Source PBX Description : Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.
---------------------------------------------------------------------------= ----- Update Information:
The Asterisk Development Team has announced a security release for Asterisk= 1.8. The available security release is released as version 1.8.7.1.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic= h can lead to a remotely exploitable crash:
Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
The issue and resolution is described in the AST-2011-012 security advisory.
For more information about the details of this vulnerability, please read t= he security advisory AST-2011-012, which was released at the same time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8= .7.1
Security advisory AST-2011-012 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
---------------------------------------------------------------------------= ----- ChangeLog:
* Mon Oct 17 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.7.1-1 - The Asterisk Development Team has announced a security release for Asteri= sk 1.8. - The available security release is released as version 1.8.7.1. - - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing wh= ich can - lead to a remotely exploitable crash: - - Remote Crash Vulnerability in SIP channel driver (AST-2011-012) - - The issue and resolution is described in the AST-2011-012 security - advisory. - - For more information about the details of this vulnerability, please read= the - security advisory AST-2011-012, which was released at the same time as th= is - announcement. - - For a full list of changes in the current release, please see the ChangeL= og: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .8.7.1 * Mon Oct 3 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.7.0-1 - The Asterisk Development Team announces the release of Asterisk 1.8.7.0. = This - release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.7.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - Please note that a significant numbers of changes and fixes have gone into - features.c in this release (call parking, built-in transfers, call pickup, - etc.). - - NOTE: - - Recently, we were notified that the mechanism included in our Asterisk so= urce - code releases to download and build support for the iLBC codec had stopped - working correctly; a little investigation revealed that this occurred bec= ause of - some changes on the ilbcfreeware.org website. These changes occurred as a= result - of Google's acquisition of GIPS, who produced (and provided licenses for)= the - iLBC codec. - - If you are a user of Asterisk and iLBC together, and you've already execu= ted a - license agreement with GIPS, we believe you can continue using iLBC with - Asterisk. If you are a user of Asterisk and iLBC together, but you had not - executed a license agreement with GIPS, we encourage you to research the - situation and consult with your own legal representatives to determine wh= at - actions you may want to take (or avoid taking). - - More information is available on the Asterisk blog: - - http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googl= es-acquisition-of-gips/ - - The following is a sample of the issues resolved in this release: - - * Added the 'storesipcause' option to sip.conf to allow the user to disab= le the - setting of HASH(SIP_CAUSE,) on the channel. Having chan_sip set - HASH(SIP_CAUSE,) on the channel carries a significant performance - penalty because of the usage of the MASTER_CHANNEL() dialplan function. - - We've decided to disable this feature by default in future 1.8 versions.= This - would be an unexpected behavior change for anyone depending on that SIP_= CAUSE - update in their dialplan. Please refer to the asterisk-dev mailing list = more - information: - - http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html - - * Significant fixes and improvements to parking lots. - (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430, ASTERISK-= 17452, - ASTERISK-17452, ASTERISK-15792. Reported by: David Cabrejos, Remi Quezad= a, - Philippe Lindheimer, David Woolley, Mat Murdock. Patched by: rmudgett) - - * Numerous issues have been reported for deadlocks that are caused by a b= locking - read in res_timing_timerfd on a file descriptor that will never be writt= en to. - - A change to Asterisk adds some checks to make sure that the timerfd is b= oth - valid and armed before calling read(). Should fix: ASTERISK-18142, - ASTERISK-18197, ASTERISK-18166 and possibly others. - (In essence, this change should make res_timing_timerfd usable.) - - * Resolve segfault when publishing device states via XMPP and not connect= ed. - (Closes issue ASTERISK-18078. Reported, patched by: Michael L. Young. Te= sted - by Jonathan Rose) - - * Refresh peer address if DNS unavailable at peer creation. - (Closes issue ASTERISK-18000) - - * Fix the missing DAHDI channels when using the newer chan_dahdi.conf sec= tions - for channel configuration. - (Closes issue ASTERISK-18496. Reported by Sean Darcy. Patched by Richard - Mudgett) - - * Remove unnecessary libpri dependency checks in the configure script. - (Closes issue ASTERISK-18535. Reported by Michael Keuter. Patched by Ric= hard - Mudgett) - - * Update get_ilbc_source.sh script to work again. - (Closes issue ASTERISK-18412) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0 * Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-4 - Add additional patch for res_pktccops. * Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-3 - Add patch to fix compatibility with 389 directory server. * Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-2 - Add patches to fix many bug reports from bugzilla. * Tue Sep 20 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-1 - The Asterisk Development Team announces the release of Asterisk 1.8.6.0. = This - release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.6.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release: - - * Fix an issue with Music on Hold classes losing files in playlist when r= ealtime - is used. - (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I= gor - Goncharovsky) - - * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor= ming a - 'sip reload' from the console. - (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu= dgett) - - * Address some improper sql statements in res_odbc that would cause an up= date - to fail on realtime peers due to trying to set as "(NULL)" rather than an - actual NULL. - (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti= lghman - Lesher) - - * Resolve issue where 403 Forbidden would always be sent maximum number o= f times - regardless to receipt of ACK. - (Patched by Richard Mudgett) - - * Resolve issue where if a call to MeetMe includes both the dynamic(D) and - always request PIN(P) options, MeetMe will ask for the PIN two times: on= ce for - creating the conference and once for entering the conference. - (Patched by Kinsey Moore) - - * Fix New Zealand indications profile based on - http://www.telepermit.co.nz/TNA102.pdf - (Closes issue ASTERISK-16263. Reported, Patched by richardf) - - * Segfault in shell_helper in func_shell.c - (Closes issue ASTERISK-18109. Reported by Michael Myles, patched by Rich= ard - Mudgett) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0 * Tue Aug 23 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-0.2.rc2 - The Asterisk Development Team has announced the second release candidate = of - Asterisk 1.8.6.0. This release candidate is available for immediate downl= oad at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.6.0-rc2 resolves several issues reported by t= he - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release candidat= e: - - * --- Segfault in shell_helper in func_shell.c --- - (Closes issue ASTERISK-18109. - Reported by Michael Myles, patched by Richard Mudgett) - - * --- Re-add support for spaces in pathnames --- - (Closes issue ASTERISK-18290. - Reported by Paul Belanger, patched by Tilghman Lesher) - - For a full list of changes in this release candidate, please see the Chan= geLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc2 * Thu Aug 11 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.6.0-0.1.rc1 - The Asterisk Development Team announces the first release candidate of - Asterisk 1.8.6.0. This release candidate is available for immediate downl= oad at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.6.0-rc1 resolves several issues reported by t= he - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release candidat= e: - - * Fix an issue with Music on Hold classes losing files in playlist when r= ealtime - is used. - (Closes issue ASTERISK-17875. Reported by David Cunningham. Patched by I= gor - Goncharovsky) - - * Resolve a potential crash in chan_sip when utilizing auth=3D and perfor= ming a - 'sip reload' from the console. - (Closes issue ASTERISK-17939. Reported by wdoekes. Patched by Richard Mu= dgett) - - * Address some improper sql statements in res_odbc that would cause an up= date - to fail on realtime peers due to trying to set as "(NULL)" rather than an - actual NULL. - (Closes issue ASTERISK-17791. Reported by marcelloceschia. Patched by Ti= lghman - Lesher) - - * Resolve issue where 403 Forbidden would always be sent maximum number o= f times - regardless to receipt of ACK. - (Patched by Richard Mudgett) - - * Updated chan_gtalk to work with changes made by Google. - (Closes issue ASTERISK-18804. Patched by Terry Wilson) - - * Resolve issue where if a call to MeetMe includes both the dynamic(D) and - always request PIN(P) options, MeetMe will ask for the PIN two times: on= ce for - creating the conference and once for entering the conference. - (Patched by Kinsey Moore) - - * Fix New Zealand indications profile based on - http://www.telepermit.co.nz/TNA102.pdf - (Closes issue ASTERISK-16263. Reported, Patched by richardf) - - For a full list of changes in this release candidate, please see the Chan= geLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0-rc1 * Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 1.8.5.0-1.2 - Perl mass rebuild * Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 1.8.5.0-1.1 - Perl mass rebuild * Mon Jul 11 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5.0-1 - The Asterisk Development Team announces the release of Asterisk 1.8.5.0. = This - release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.5.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release: - - * Fix Deadlock with attended transfer of SIP call - (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,= ZX81, - cmaj) - - * Fixes thread blocking issue in the sip TCP/TLS implementation. - (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo= is, - rossbeer, kowalma, Freddi_Fonet) - - * Be more tolerant of what URI we accept for call completion PUBLISH requ= ests. - (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson) - - * Fix a nasty chanspy bug which was causing a channel leak every time a s= pied on - channel made a call. - (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose) - - * This patch fixes a bug with MeetMe behavior where the 'P' option for al= ways - prompting for a pin is ignored for the first caller. - (Closes issue #18070. Reported by mav3rick. Patched by bbryant) - - * Fix issue where Asterisk does not hangup a channel after endpoint hangs= up. If - the call that the dialplan started an AGI script for is hungup while the= AGI - script is in the middle of a command then the AGI script is not notified= of - the hangup. - (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu= dgett) - - * Resolve issue where leaving a voicemail, the MWI message is never sent.= The - same thing happens when checking a voicemail and marking it as read. - (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa= rd - Mudgett) - - * Resolve issue where wait for leader with Music On Hold allows crosstalk - between participants. Parenthesis in the wrong position. Regression from= issue - #14365 when expanding conference flags to use 64 bits. - (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0 * Thu Jul 7 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.2 - Rebuild for net-snmp 5.7 * Fri Jul 1 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.1.rc1 - Fix systemd dependencies in EL6 and F15 * Thu Jun 30 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.5-0.1.rc1 - The Asterisk Development Team has announced the first release candidate of - Asterisk 1.8.5. This release candidate is available for immediate downloa= d at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.5-rc1 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release candidat= e: - - * Fix Deadlock with attended transfer of SIP call - (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec,= ZX81, - cmaj) - - * Fixes thread blocking issue in the sip TCP/TLS implementation. - (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vo= is, - rossbeer, kowalma, Freddi_Fonet) - - * Be more tolerant of what URI we accept for call completion PUBLISH requ= ests. - (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson) - - * Fix a nasty chanspy bug which was causing a channel leak every time a s= pied on - channel made a call. - (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose) - - * This patch fixes a bug with MeetMe behavior where the 'P' option for al= ways - prompting for a pin is ignored for the first caller. - (Closes issue #18070. Reported by mav3rick. Patched by bbryant) - - * Fix issue where Asterisk does not hangup a channel after endpoint hangs= up. If - the call that the dialplan started an AGI script for is hungup while the= AGI - script is in the middle of a command then the AGI script is not notified= of - the hangup. - (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmu= dgett) - - * Resolve issue where leaving a voicemail, the MWI message is never sent.= The - same thing happens when checking a voicemail and marking it as read. - (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richa= rd - Mudgett) - - * Resolve issue where wait for leader with Music On Hold allows crosstalk - between participants. Parenthesis in the wrong position. Regression from= issue - #14365 when expanding conference flags to use 64 bits. - (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett) - - * Fix timerfd locking issue. - (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz) - - For a full list of changes in this release candidate, please see the Chan= geLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1 * Thu Jun 30 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.4-2 - Fedora Directory Server -> 389 Directory Server * Wed Jun 29 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.4-1 - The Asterisk Development Team has announced the release of Asterisk - versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security - releases. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the - following issue: - - AST-2011-011: Asterisk may respond differently to SIP requests from an - invalid SIP user than it does to a user configured on the system, even - when the alwaysauthreject option is set in the configuration. This can - leak information about what SIP users are valid on the Asterisk - system. - - For more information about the details of this vulnerability, please - read the security advisory AST-2011-011, which was released at the - same time as this announcement. - - For a full list of changes in the current releases, please see the Change= Log: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .4.41.2 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .6.2.18.2 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .8.4.4 - - Security advisory AST-2011-011 is available at: - - http://downloads.asterisk.org/pub/security/AST-2011-011.pdf * Mon Jun 27 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-3 - Don't forget stereorize * Mon Jun 27 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-2 - Move /var/run/asterisk to /run/asterisk - Add comments to systemd service file on how to mimic safe_asterisk functi= onality - Build more of the optional binaries - Install the tmpfiles.d configuration on Fedora 15 * Fri Jun 24 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.3-1 - The Asterisk Development Team has announced the release of Asterisk versi= ons - 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several = issues - as outlined below: - - * AST-2011-008: If a remote user sends a SIP packet containing a null, - Asterisk assumes available data extends past the null to the - end of the packet when the buffer is actually truncated when - copied. This causes SIP header parsing to modify data past - the end of the buffer altering unrelated memory structures. - This vulnerability does not affect TCP/TLS connections. - -- Resolved in 1.6.2.18.1 and 1.8.4.3 - - * AST-2011-009: A remote user sending a SIP packet containing a Contact h= eader - with a missing left angle bracket (<) causes Asterisk to - access a null pointer. - -- Resolved in 1.8.4.3 - - * AST-2011-010: A memory address was inadvertently transmitted over the - network via IAX2 via an option control frame and the remote party would = try - to access it. - -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 - - The issues and resolutions are described in the AST-2011-008, AST-2011-00= 9, and - AST-2011-010 security advisories. - - For more information about the details of these vulnerabilities, please r= ead - the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, whi= ch were - released at the same time as this announcement. - - For a full list of changes in the current releases, please see the Change= Log: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .4.41.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .6.2.18.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .8.4.3 - - Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are avai= lable - at: - - http://downloads.asterisk.org/pub/security/AST-2011-008.pdf - http://downloads.asterisk.org/pub/security/AST-2011-009.pdf - http://downloads.asterisk.org/pub/security/AST-2011-010.pdf * Tue Jun 21 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.2-2 - Convert to systemd * Fri Jun 17 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <mmaslano@redhat.co= m> - 1.8.4.2-1.2 - Perl mass rebuild * Fri Jun 10 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1 <mmaslano@redhat.co= m> - 1.8.4.2-1.1 - Perl 5.14 mass rebuild * Fri Jun 3 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.8.4.2-1: - - The Asterisk Development Team has announced the release of Asterisk - version 1.8.4.2, which is a security release for Asterisk 1.8. - - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of Asterisk 1.8.4.2 resolves an issue with SIP URI - parsing which can lead to a remotely exploitable crash: - - Remote Crash Vulnerability in SIP channel driver (AST-2011-007) - - The issue and resolution is described in the AST-2011-007 security - advisory. - - For more information about the details of this vulnerability, please - read the security advisory AST-2011-007, which was released at the - same time as this announcement. - - For a full list of changes in the current release, please see the ChangeL= og: - - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1= .8.4.2 - - Security advisory AST-2011-007 is available at: - - http://downloads.asterisk.org/pub/security/AST-2011-007.pdf - - The Asterisk Development Team has announced the release of Asterisk 1.8.4= .1. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.4.1 resolves several issues reported by the - community. Without your help this release would not have been possible. - Thank you! - - Below is a list of issues resolved in this release: - - * Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix) - (Closes issue #18951. Reported by jmls. Patched by wdoekes) - - * Resolve a change in IPv6 header parsing due to the Cisco phone fix iss= ue. - This issue was found and reported by the Asterisk test suite. - (Closes issue #18951. Patched by mnicholson) - - * Resolve potential crash when using SIP TLS support. - (Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by - vois, Chainsaw) - - * Improve reliability when using SIP TLS. - (Closes issue #19182. Reported by st. Patched by mnicholson) - - - For a full list of changes in this release candidate, please see the Chan= geLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1
- The Asterisk Development Team has announced the release of Asterisk 1.8.4= . This - release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/ - - The release of Asterisk 1.8.4 resolves several issues reported by the com= munity. - Without your help this release would not have been possible. Thank you! - - Below is a sample of the issues resolved in this release: - - * Use SSLv23_client_method instead of old SSLv2 only. - (Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by r= ussell - and chazzam. - - * Resolve crash in ast_mutex_init() - (Patched by twilson) - - * Resolution of several DTMF based attended transfer issues. - (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo, - shihchuan, grecco. Patched by rmudgett) - - NOTE: Be sure to read the ChangeLog for more information about these ch= anges. - - * Resolve deadlocks related to device states in chan_sip - (Closes issue #18310. Reported, patched by one47. Patched by jpeeler) - - * Resolve an issue with the Asterisk manager interface leaking memory wh= en - disabled. - (Reported internally by kmorgan. Patched by russellb) - - * Support greetingsfolder as documented in voicemail.conf.sample. - (Closes issue #17870. Reported by edhorton. Patched by seanbright) - - * Fix channel redirect out of MeetMe() and other issues with channel sof= thangup - (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb. - Patched by russellb) - - * Fix voicemail sequencing for file based storage. - (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by - jpeeler) - - * Set hangup cause in local_hangup so the proper return code of 486 inst= ead of - 503 when using Local channels when the far sides returns a busy. Also a= ffects - CCSS in Asterisk 1.8+. - (Patched by twilson) - - * Fix issues with verbose messages not being output to the console. - (Closes issue #18580. Reported by pabelanger. Patched by qwell) - - * Fix Deadlock with attended transfer of SIP call - (Closes issue #18837. Reported, patched by alecdavis. Tested by - alecdavid, Irontec, ZX81, cmaj) - - Includes changes per AST-2011-005 and AST-2011-006 - For a full list of changes in this release candidate, please see the Chan= geLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4 - - Information about the security releases are available at: - - http://downloads.asterisk.org/pub/security/AST-2011-005.pdf - http://downloads.asterisk.org/pub/security/AST-2011-006.pdf ---------------------------------------------------------------------------= ----- References:
[ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel d= river (AST-2011-012) https://bugzilla.redhat.com/show_bug.cgi?id=3D746817 ---------------------------------------------------------------------------= -----
This update can be installed with the "yum" update program. Use =
su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= ----- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|