Name : asterisk Product : Fedora 19 Version : 11.7.0 Release : 1.fc19 URL : http://www.asterisk.org/ Summary : The Open Source PBX Description : Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.
------------------------------------------------------------------------------- - Update Information:
* Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.7.0-1:
- The Asterisk Development Team has announced the release of Asterisk 11.7.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 11.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- app_confbridge: Can now set the language used for announcements
- to the conference.
- (Closes issue ASTERISK-19983. Reported by Jonathan White)
-
- * --- app_queue: Fix CLI "queue remove member" queue_log entry.
- (Closes issue ASTERISK-21826. Reported by Oscar Esteve)
-
- * --- chan_sip: Do not increment the SDP version between 183 and 200
- responses.
- (Closes issue ASTERISK-21204. Reported by NITESH BANSAL)
-
- * --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls
- (Closes issue ASTERISK-22005. Reported by Torrey Searle)
-
- * --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
- And Expires Header In 200ok
- (Closes issue ASTERISK-22428. Reported by Ben Smithurst)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0
* Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.6.1-1:
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
- releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
- 10.12.4-digiumphones, and 11.6.1.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of these versions resolve the following issues:
-
- * A buffer overflow when receiving odd length 16 bit messages in app_sms. An
- infinite loop could occur which would overwrite memory when a message is
- received into the unpacksms16() function and the length of the message is an
- odd number of bytes.
-
- * Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
- now marks certain individual dialplan functions as 'dangerous', which will
- inhibit their execution from external sources.
-
- A 'dangerous' function is one which results in a privilege escalation. For
- example, if one were to read the channel variable SHELL(rm -rf /) Bad
- Things(TM) could happen; even if the external source has only read
- permissions.
-
- Execution from external sources may be enabled by setting 'live_dangerously'
- to 'yes' in the [options] section of asterisk.conf. Although doing so is not
- recommended.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2013-006 and AST-2013-007, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- ChangeLog-1.8.15-cert4 - ChangeLog-11.2-cert3 - ChangeLog-1.8.24.1 - ChangeLog-10.12.4 - ChangeLog-10.12.4-digiumphones - ChangeLog-11.6.1 -
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
- * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
* Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.6.0-1:
- The Asterisk Development Team has announced the release of Asterisk 11.6.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 11.6.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Confbridge: empty conference not being torn down
- (Closes issue ASTERISK-21859. Reported by Chris Gentle)
-
- * --- Let Queue wrap up time influence member availability
- (Closes issue ASTERISK-22189. Reported by Tony Lewis)
-
- * --- Fix a longstanding issue with MFC-R2 configuration that
- prevented users
- (Closes issue ASTERISK-21117. Reported by Rafael Angulo)
-
- * --- chan_iax2: Fix saving the wrong expiry time in astdb.
- (Closes issue ASTERISK-22504. Reported by Stefan Wachtler)
-
- * --- Fix segfault for certain invalid WebSocket input.
- (Closes issue ASTERISK-21825. Reported by Alfred Farrugia)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0
------------------------------------------------------------------------------- - ChangeLog:
* Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.7.0-1: - The Asterisk Development Team has announced the release of Asterisk 11.7.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.7.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release: - - * --- app_confbridge: Can now set the language used for announcements - to the conference. - (Closes issue ASTERISK-19983. Reported by Jonathan White) - - * --- app_queue: Fix CLI "queue remove member" queue_log entry. - (Closes issue ASTERISK-21826. Reported by Oscar Esteve) - - * --- chan_sip: Do not increment the SDP version between 183 and 200 - responses. - (Closes issue ASTERISK-21204. Reported by NITESH BANSAL) - - * --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls - (Closes issue ASTERISK-22005. Reported by Torrey Searle) - - * --- chan_sip: Fix Realtime Peer Update Problem When Un-registering - And Expires Header In 200ok - (Closes issue ASTERISK-22428. Reported by Ben Smithurst) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0 * Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.6.1-1: - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security - releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4, - 10.12.4-digiumphones, and 11.6.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolve the following issues: - - * A buffer overflow when receiving odd length 16 bit messages in app_sms. An - infinite loop could occur which would overwrite memory when a message is - received into the unpacksms16() function and the length of the message is an - odd number of bytes. - - * Prevent permissions escalation in the Asterisk Manager Interface. Asterisk - now marks certain individual dialplan functions as 'dangerous', which will - inhibit their execution from external sources. - - A 'dangerous' function is one which results in a privilege escalation. For - example, if one were to read the channel variable SHELL(rm -rf /) Bad - Things(TM) could happen; even if the external source has only read - permissions. - - Execution from external sources may be enabled by setting 'live_dangerously' - to 'yes' in the [options] section of asterisk.conf. Although doing so is not - recommended. - - These issues and their resolutions are described in the security advisories. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2013-006 and AST-2013-007, which were - released at the same time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - ChangeLog-1.8.15-cert4 - ChangeLog-11.2-cert3 - ChangeLog-1.8.24.1 - ChangeLog-10.12.4 - ChangeLog-10.12.4-digiumphones - ChangeLog-11.6.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf - * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf * Sat Dec 28 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.6.0-1: - The Asterisk Development Team has announced the release of Asterisk 11.6.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.6.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release: - - * --- Confbridge: empty conference not being torn down - (Closes issue ASTERISK-21859. Reported by Chris Gentle) - - * --- Let Queue wrap up time influence member availability - (Closes issue ASTERISK-22189. Reported by Tony Lewis) - - * --- Fix a longstanding issue with MFC-R2 configuration that - prevented users - (Closes issue ASTERISK-21117. Reported by Rafael Angulo) - - * --- chan_iax2: Fix saving the wrong expiry time in astdb. - (Closes issue ASTERISK-22504. Reported by Stefan Wachtler) - - * --- Fix segfault for certain invalid WebSocket input. - (Closes issue ASTERISK-21825. Reported by Alfred Farrugia) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0 * Mon Oct 21 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.5.1-3: - Disable hardened build, as it's apparently causing problems loading modules. * Thu Aug 29 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.5.1-2: - Enable hardened build BZ#954338 - Significant clean ups * Thu Aug 29 2013 Jeffrey Ollie <jeff@ocjtech.us> - 11.5.1-1: - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases - are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, - and 11.5.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolve the following issues: - - * A remotely exploitable crash vulnerability exists in the SIP channel driver if - an ACK with SDP is received after the channel has been terminated. The - handling code incorrectly assumes that the channel will always be present. - - * A remotely exploitable crash vulnerability exists in the SIP channel driver if - an invalid SDP is sent in a SIP request that defines media descriptions before - connection information. The handling code incorrectly attempts to reference - the socket address information even though that information has not yet been - set. - - These issues and their resolutions are described in the security advisories. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2013-004 and AST-2013-005, which were - released at the same time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - ChangeLog-1.8.15-cert3 - ChangeLog-11.2-cert2 - ChangeLog-1.8.23.1 - ChangeLog-10.12.3 - ChangeLog-10.12.3-digiumphones - ChangeLog-11.5.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2013-004.pdf - * http://downloads.asterisk.org/pub/security/AST-2013-005.pdf - - The Asterisk Development Team has announced the release of Asterisk 11.5.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.5.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following is a sample of the issues resolved in this release: - - * --- Fix Segfault In app_queue When "persistentmembers" Is Enabled - And Using Realtime - (Closes issue ASTERISK-21738. Reported by JoshE) - - * --- IAX2: fix race condition with nativebridge transfers. - (Closes issue ASTERISK-21409. Reported by alecdavis) - - * --- Fix The Payload Being Set On CN Packets And Do Not Set Marker - Bit - (Closes issue ASTERISK-21246. Reported by Peter Katzmann) - - * --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls - Initiated By PBX - (Closes issue ASTERISK-21374. Reported by Michael L. Young) - - * --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent - out after retries fail - (Closes issue ASTERISK-21677. Reported by Dan Martens) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0 * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 11.4.0-2.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 11.4.0-2.1 - Perl 5.18 rebuild * Fri May 24 2013 Rex Dieter <rdieter@fedoraproject.org> 11.4.0-2 - rebuild (libical) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1043917 - asterisk: asterisk manager user dialplan permission escalation https://bugzilla.redhat.com/show_bug.cgi?id=1043917 [ 2 ] Bug #1043918 - CVE-2013-7100 asterisk: buffer overflow when receiving odd length 16 bit SMS message https://bugzilla.redhat.com/show_bug.cgi?id=1043918 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|