Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Asterisk
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Asterisk
ID: FEDORA-2013-0994
Distribution: Fedora
Plattformen: Fedora 17
Datum: Mi, 30. Januar 2013, 08:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5977
Applikationen: Asterisk

Originalnachricht

Name        : asterisk
Product : Fedora 17
Version : 10.12.0
Release : 1.fc17
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.

-------------------------------------------------------------------------------
-
Update Information:

The Asterisk Development Team has announced the release of Asterisk 10.12.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 10.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- app_meetme: Fix channels lingering when hung up under certain
conditions
(Closes issue ASTERISK-20486. Reported by Michael Cargile)

* --- Fix stuck DTMF when bridge is broken.
(Closes issue ASTERISK-20492. Reported by Jeremiah Gowdy)

* --- Improve Code Readability And Fix Setting natdetected Flag
(Closes issue ASTERISK-20724. Reported by Michael L. Young)

* --- Fix extension matching with the '-' char.
(Closes issue ASTERISK-19205. Reported by Philippe Lindheimer, Birger
"WIMPy" Harzenetter)

* --- Fix call files when astspooldir is relative.
(Closes issue ASTERISK-20593. Reported by James Le Cuirot)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Jan 18 2013 Jeffrey Ollie <jeff@ocjtech.us> - 10.12.0-1:
- The Asterisk Development Team has announced the release of Asterisk 10.12.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.12.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- app_meetme: Fix channels lingering when hung up under certain
- conditions
- (Closes issue ASTERISK-20486. Reported by Michael Cargile)
-
- * --- Fix stuck DTMF when bridge is broken.
- (Closes issue ASTERISK-20492. Reported by Jeremiah Gowdy)
-
- * --- Improve Code Readability And Fix Setting natdetected Flag
- (Closes issue ASTERISK-20724. Reported by Michael L. Young)
-
- * --- Fix extension matching with the '-' char.
- (Closes issue ASTERISK-19205. Reported by Philippe Lindheimer, Birger
"WIMPy" Harzenetter)
-
- * --- Fix call files when astspooldir is relative.
- (Closes issue ASTERISK-20593. Reported by James Le Cuirot)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0
* Fri Jan 4 2013 Jeffrey Ollie <jeff@ocjtech.us> - 10.11.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
- are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1,
10.11.1-digiumphones,
- and 11.1.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of these versions resolve the following two issues:
-
- * Stack overflows that occur in some portions of Asterisk that manage a TCP
- connection. In SIP, this is exploitable via a remote unauthenticated
session;
- in XMPP and HTTP connections, this is exploitable via remote authenticated
- sessions.
-
- * A denial of service vulnerability through exploitation of the device state
- cache. Anonymous calls had the capability to create devices in Asterisk
that
- would never be disposed of.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-014 and AST-2012-015, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the
ChangeLogs:
-
- ChangeLog-1.8.11-cert10
- ChangeLog-1.8.19.1
- ChangeLog-10.11.1
- ChangeLog-10.11.1-digiumphones
- ChangeLog-11.1.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
* Fri Dec 14 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.11.0-1:
- The Asterisk Development Team has announced the release of Asterisk 10.11.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.11.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Prevent resetting of NATted realtime peer address on reload.
- (Closes issue ASTERISK-18203. Reported by daren ferreira)
-
- * --- Do not use a FILE handle when doing SIP TCP reads.
- (Closes issue ASTERISK-20212. Reported by Phil Ciccone)
-
- * --- Fix ConfBridge crash if no timing module loaded.
- (Closes issue ASTERISK-19448. Reported by feyfre)
-
- * --- confbridge: Fix a bug which made conferences not record with
- AMI/CLI commands
- (Closes issue ASTERISK-20601. Reported by Vilius)
-
- * --- Fix execution of 'i' extension due to uninitialized variable.
- (Closes issue ASTERISK-20455. Reported by Richard Miller)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.11.0
* Fri Dec 7 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.10.1-1
- The Asterisk Development Team has announced the release of Asterisk 10.10.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.10.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- chan_local: Fix local_pvt ref leak in local_devicestate().
- (Closes issue ASTERISK-20769. Reported by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.1
* Wed Nov 7 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.10.0-1:
- The Asterisk Development Team has announced the release of Asterisk 10.10.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.10.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Resolve issues in ConfBridge regarding marked, waitmarked, and
- unmarked users
- (Closes issue ASTERISK-19562. Reported by flan)
-
- * --- dsp.c User Configurable DTMF_HITS_TO_BEGIN and
- DTMF_MISSES_TO_END
- (Closes issue ASTERISK-17493. Reported by alecdavis)
-
- * --- Fix error where improper IMAP greetings would be deleted.
- (Closes issue ASTERISK-20435. Reported by fhackenberger)
-
- * --- iax2-provision: Fix improper return on failed cache retrieval
- (Closes issue ASTERISK-20337. Reported by John Covert)
-
- * --- Fix T.38 support when used with chan_local in between.
- (Closes issue ASTERISK-20229. Reported by wdoekes)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.0
* Tue Oct 9 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.9.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.9.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.9.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix channel reference leak in ChanSpy.
- (Closes issue ASTERISK-19461. Reported by Irontec)
-
- * --- dsp.c: Fix multiple issues when no-interdigit delay is present,
- and fast DTMF 50ms/50ms
- (Closes issue ASTERISK-19610. Reported by Jean-Philippe Lord)
-
- * --- Fix bug where final queue member would not be removed from
- memory.
- (Closes issue ASTERISK-19793. Reported by Marcus Haas)
-
- * --- Fix memory leak when CEL is successfully written to PostgreSQL
- database
- (Closes issue ASTERISK-19991. Reported by Etienne Lessard)
-
- * --- Fix DUNDi message routing bug when neighboring peer is
- unreachable
- (Closes issue ASTERISK-19309. Reported by Peter Racz)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.9.0
* Wed Sep 26 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.8.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.8.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.8.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
- ExternalIVR
- (Closes issue ASTERISK-20132. Reported by Zubair Ashraf of IBM X-Force
Research)
-
- * --- AST-2012-013: Resolve ACL rules being ignored during calls by
- some IAX2 peers
- (Closes issue ASTERISK-20186. Reported by Alan Frisch)
-
- * --- Handle extremely out of order RFC 2833 DTMF
- (Closes issue ASTERISK-18404. Reported by Stephane Chazelas)
-
- * --- Resolve severe memory leak in CEL logging modules.
- (Closes issue AST-916. Reported by Thomas Arimont)
-
- * --- Only re-create an SRTP session when needed
- (Issue ASTERISK-20194. Reported by Nicolo Mazzon)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.8.0
* Tue Sep 4 2012 Dan Horák <dan[at]danny.cz> - 10.7.1-2
- fix build on s390
* Thu Aug 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.7.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and
10.7.1-digiumphones
- resolve the following two issues:
-
- * A permission escalation vulnerability in Asterisk Manager Interface. This
- would potentially allow remote authenticated users the ability to execute
- commands on the system shell with the privileges of the user running the
- Asterisk application. Please note that the
README-SERIOUSLY.bestpractices.txt
- file delivered with Asterisk has been updated due to this and other related
- vulnerabilities fixed in previous versions of Asterisk.
-
- * When an IAX2 call is made using the credentials of a peer defined in a
- dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for
that
- peer are not applied to the call attempt. This allows for a remote attacker
- who is aware of a peer's credentials to bypass the ACL rules set for
that
- peer.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-012 and AST-2012-013, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the
ChangeLogs:
-
- ChangeLog-1.8.11-cert7
- ChangeLog-1.8.15.1
- ChangeLog-10.7.1
- ChangeLog-10.7.1-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
* Thu Aug 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.7.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.7.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix deadlock potential with ast_set_hangupsource() calls.
- (Closes issue ASTERISK-19801. Reported by Alec Davis)
-
- * --- Fix request routing issue when outboundproxy is used.
- (Closes issue ASTERISK-20008. Reported by Marcus Hunger)
-
- * --- Set the Caller ID "tag" on peers even if remote party
- information is present.
- (Closes issue ASTERISK-19859. Reported by Thomas Arimont)
-
- * --- Fix NULL pointer segfault in ast_sockaddr_parse()
- (Closes issue ASTERISK-20006. Reported by Michael L. Young)
-
- * --- Do not perform install on existing directories
- (Closes issue ASTERISK-19492. Reported by Karl Fife)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.7.0
* Thu Aug 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.6.1-1
- The Asterisk Development Team has announced the release of Asterisk 10.6.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.6.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Remove a superfluous and dangerous freeing of an SSL_CTX.
- (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
* Thu Aug 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.6.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.6.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.6.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- format_mp3: Fix a possible crash in mp3_read().
- (Closes issue ASTERISK-19761. Reported by Chris Maciejewsk)
-
- * --- Fix local channel chains optimizing themselves out of a call.
- (Closes issue ASTERISK-16711. Reported by Alec Davis)
-
- * --- Re-add LastMsgsSent value for SIP peers
- (Closes issue ASTERISK-17866. Reported by Steve Davies)
-
- * --- Prevent sip_pvt refleak when an ast_channel outlasts its
- corresponding sip_pvt.
- (Closes issue ASTERISK-19425. Reported by David Cunningham)
-
- * --- Send more accurate identification information in dialog-info SIP
- NOTIFYs.
- (Closes issue ASTERISK-16735. Reported by Maciej Krajewski)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0
* Wed Jul 18 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 10.5.2-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 9 2012 Petr Pisar <ppisar@redhat.com> - 10.5.2-1.1
- Perl 5.16 rebuild
* Thu Jul 5 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.5.2-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and
10.5.2-digiumphones
- resolve the following two issues:
-
- * If Asterisk sends a re-invite and an endpoint responds to the re-invite
with
- a provisional response but never sends a final response, then the SIP
dialog
- structure is never freed and the RTP ports for the call are never released.
If
- an attacker has the ability to place a call, they could create a denial of
- service by using all available RTP ports.
-
- * If a single voicemail account is manipulated by two parties simultaneously,
- a condition can occur where memory is freed twice causing a crash.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-010 and AST-2012-011, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the
ChangeLogs:
-
- ChangeLog-1.8.11-cert4
- ChangeLog-1.8.13.1
- ChangeLog-10.5.2
- ChangeLog-10.5.2-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
* Thu Jun 28 2012 Petr Pisar <ppisar@redhat.com> - 10.5.1-1.1
- Perl 5.16 rebuild
* Fri Jun 15 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.5.1-1
- The Asterisk Development Team has announced a security release for Asterisk
10.
- This security release is released as version 10.5.1.
-
- The release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 10.5.1 resolves the following issue:
-
- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
- Channel driver. When an SCCP client sends an Off Hook message, followed by
- a Key Pad Button Message, a structure that was previously set to NULL is
- dereferenced. This allows remote authenticated connections the ability to
- cause a crash in the server, denying services to legitimate users.
-
- This issue and its resolution is described in the security advisory.
-
- For more information about the details of this vulnerability, please read
- security advisory AST-2012-009, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- ChangeLog-10.5.1
-
- The security advisory is available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-009.pdf
* Fri Jun 15 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.5.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.5.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Turn off warning message when bind address is set to any.
- (Closes issue ASTERISK-19456. Reported by Michael L. Young)
-
- * --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
- machines
- (Closes issue ASTERISK-19727. Reported by Ben Klang)
-
- * --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
- before disconnecting the call.
- (Closes issue ASTERISK-19708. Reported by mehdi Shirazi)
-
- * --- Fix recalled party B feature flags for a failed DTMF atxfer.
- (Closes issue ASTERISK-19383. Reported by lgfsantos)
-
- * --- Fix DTMF atxfer running h exten after the wrong bridge ends.
- (Closes issue ASTERISK-19717. Reported by Mario)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0
* Mon Jun 11 2012 Petr Pisar <ppisar@redhat.com> - 10.4.2-1.1
- Perl 5.16 rebuild
* Wed May 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.4.2-1
- The Asterisk Development Team has announced the release of Asterisk 10.4.2.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.4.2 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Resolve crash in subscribing for MWI notifications
- (Closes issue ASTERISK-19827. Reported by B. R)
-
- * --- Fix crash in ConfBridge when user announcement is played for
- more than 2 users
- (Closes issue ASTERISK-19899. Reported by Florian Gilcher)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.2
* Wed May 30 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.4.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the
following
- two issues:
-
- * A remotely exploitable crash vulnerability exists in the IAX2 channel
- driver if an established call is placed on hold without a suggested music
- class. Asterisk will attempt to use an invalid pointer to the music
- on hold class name, potentially causing a crash.
-
- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
- Channel driver. When an SCCP client closes its connection to the server,
- a pointer in a structure is set to NULL. If the client was not in the
- on-hook state at the time the connection was closed, this pointer is later
- dereferenced. This allows remote authenticated connections the ability to
- cause a crash in the server, denying services to legitimate users.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-007 and AST-2012-008, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the
ChangeLogs:
-
- ChangeLog-1.8.11-cert2
- ChangeLog-1.8.12.1
- ChangeLog-10.4.1
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
* Fri May 4 2012 Jeffrey Ollie <jeff@ocjtech.us> - 10.4.0-1
- The Asterisk Development Team has announced the release of Asterisk 10.4.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 10.4.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following are the issues resolved in this release:
-
- * --- Prevent chanspy from binding to zombie channels
- (Closes issue ASTERISK-19493. Reported by lvl)
-
- * --- Fix Dial m and r options and forked calls generating warnings
- for voice frames.
- (Closes issue ASTERISK-16901. Reported by Chris Gentle)
-
- * --- Remove ISDN hold restriction for non-bridged calls.
- (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
-
- * --- Fix copying of CDR(accountcode) to local channels.
- (Closes issue ASTERISK-19384. Reported by jamicque)
-
- * --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
- (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
-
- * --- Eliminate double close of file descriptor in manager.c
- (Closes issue ASTERISK-18453. Reported by Jaco Kroon)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.0
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #891646 - CVE-2012-5976 asterisk: Crashes due to large stack
allocations when using TCP (AST-2012-014)
https://bugzilla.redhat.com/show_bug.cgi?id=891646
[ 2 ] Bug #891649 - CVE-2012-5977 asterisk: Denial of service through
exploitation of device state caching (AST-2012-015)
https://bugzilla.redhat.com/show_bug.cgi?id=891649
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung