Gosh! I only finished updating yesterday, and today I have to do it again.

TOP

The Asterisk Development Team has announced the release of Asterisk 10.1.3.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 10.1.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)

* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... sk/ChangeLog-10.1.3

Thank you for your continued support of Asterisk!

TOP

The Asterisk Development Team has announced the release of Asterisk 1.8.9.3.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.9.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)

* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... k/ChangeLog-1.8.9.3

Thank you for your continued support of Asterisk!

TOP

The Asterisk Development Team has announced the release of Asterisk 1.8.10.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
(Closes issue ASTERISK-19430. Reported by Schmooze Com)

* --- Include iLBC source code for distribution with Asterisk ---
(Closes issue ASTERISK-18943. Reported by Leif Madsen)

* --- Fix callerid of originated calls ---
(Closes issue ASTERISK-19385. Reported by ornix)

* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
(Closes issue ASTERISK-19233. Reported, patched by Matt Behrens)

* --- Create and initialize udptl only when dialog requests image media ---
(Closes issue ASTERISK-16794.  Reported by under, tested by Stefan Schmidt)

* --- Don't prematurely stop SIP session timer ---
(Closes issue ASTERISK-18996.  Reported by Thomas Arimont)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... /ChangeLog-1.8.10.0

Thank you for your continued support of Asterisk!

TOP

The Asterisk Development Team has announced the release of Asterisk 10.2.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 10.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
(Closes issue ASTERISK-19430. Reported by Schmooze Com)

* --- Include iLBC source code for distribution with Asterisk ---
(Closes issue ASTERISK-18943. Reported by Leif Madsen)

* --- Fix callerid of originated calls ---
(Closes issue ASTERISK-19385. Reported by ornix)

* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
(Closes issue ASTERISK-19233. Reported, patched by Matt Behrens)

* --- Create and initialize udptl only when dialog requests image media ---
(Closes issue ASTERISK-16794.  Reported by under, tested by Stefan Schmidt)

* --- Don't prematurely stop SIP session timer ---
(Closes issue ASTERISK-18996.  Reported by Thomas Arimont)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... sk/ChangeLog-10.2.0

Thank you for your continued support of Asterisk!

TOP

AsteriskNOW 2.01 beta 1 32-bit DVD Image is also available now.  Hope this latest release can have a better GUI support.

For the sake of stability, I would rather wait for the official release instead of using this BETA version.

TOP

Reply to 216# bubblestar


    It is still FreePBX based

TOP

The Asterisk Development Team has announced security releases for Asterisk 1.4,
1.6.2, 1.8, and 10. The available security releases are released as versions
1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein app_milliwatt
can potentially overrun a buffer on the stack, causing Asterisk to crash.  This
does not have the potential for remote code execution.

The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.  First, they
resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun
on the stack, but no remote code execution is possible.  Second, they resolve
an issue in HTTP AMI where digest authentication information can be used to
overrun a buffer on the stack, allowing for code injection and execution.

These issues and their resolution are described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2012-002 and AST-2012-003, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pu ... es/ChangeLog-1.4.44
http://downloads.asterisk.org/pu ... /ChangeLog-1.6.2.23
http://downloads.asterisk.org/pu ... /ChangeLog-1.8.10.1
http://downloads.asterisk.org/pu ... es/ChangeLog-10.2.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf

Thank you for your continued support of Asterisk!

TOP

Twice in one week?! But it's a security release, so let's just update.

TOP

The Asterisk Development Team has announced the release of Asterisk 10.3.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix potential buffer overrun and memory leak when executing "sip
     show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)

* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)

* --- Remove possible segfaults from res_odbc by adding locks around
     usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)

* --- Fix blind transfer parking issues if the dialed extension is not
     recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)

* --- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)

* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... sk/ChangeLog-10.3.0

Thank you for your continued support of Asterisk!

TOP

The Asterisk Development Team has announced the release of Asterisk 1.8.11.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix potential buffer overrun and memory leak when executing "sip
     show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)

* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)

* --- Remove possible segfaults from res_odbc by adding locks around
     usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)

* --- Fix blind transfer parking issues if the dialed extension is not
     recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)

* --- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)

* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pu ... /ChangeLog-1.8.11.0

Thank you for your continued support of Asterisk!

TOP

Reply to 219# bubblestar


    Another update, you're going to be kept busy again!

TOP

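Reply to 222# ckleea


Yes, yes! But it has so many bug fixes that I'll update anyway. Besides, I can basically handle the backup and restore procedure now. I'm more confident, and if something goes wrong I can roll back.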

TOP

The Asterisk Development Team has announced security releases for Asterisk 1.6.2,
1.8, and 10. The available security releases are released as versions 1.6.2.24,
1.8.11.1, and 10.3.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two
issues:

* A permission escalation vulnerability in Asterisk Manager Interface.  This
  would potentially allow remote authenticated users the ability to execute
  commands on the system shell with the privileges of the user running the
  Asterisk application.

* A heap overflow vulnerability in the Skinny Channel driver.  The keypad
  button message event failed to check the length of a fixed length buffer
  before appending a received digit to the end of that buffer.  A remote
  authenticated user could send sufficient keypad button message events that the
  buffer would be overrun.

In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following
issue:

* A remote crash vulnerability in the SIP channel driver when processing UPDATE
  requests.  If a SIP UPDATE request was received indicating a connected line
  update after a channel was terminated but before the final destruction of the
  associated SIP dialog, Asterisk would attempt a connected line update on a
  non-existing channel, causing a crash.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pu ... /ChangeLog-1.6.2.24
http://downloads.asterisk.org/pu ... /ChangeLog-1.8.11.1
http://downloads.asterisk.org/pu ... es/ChangeLog-10.3.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-006.pdf

Thank you for your continued support of Asterisk!

TOP

Asterisk Project Security Advisory - AST-2012-004

         Product         Asterisk
         Summary         Asterisk Manager User Unauthorized Shell Access
    Nature of Advisory   Permission Escalation
      Susceptibility     Remote Authenticated Sessions
         Severity        Minor
      Exploits Known     No
       Reported On       February 23, 2011
       Reported By       David Woolley
        Posted On        April 23, 2012
     Last Updated On     April 23, 2012
     Advisory Contact    Jonathan Rose < jrose AT digium DOT com >
         CVE Name

   Description  A user of the Asterisk Manager Interface can bypass a
                security check and execute shell commands when they lack
                permission to do so. Under normal conditions, a user should
                only be able to run shell commands if that user has System
                class authorization. Users could bypass this restriction by
                using the MixMonitor application with the originate action
                or by using either the GetVar or Status manager actions in
                combination with the SHELL and EVAL functions. The patch
                adds checks in each affected action to verify if a user has
                System class authorization. If the user does not have those
                authorizations, Asterisk rejects the action if it detects
                the use of any functions or applications that run system
                commands.

   Resolution  Asterisk now performs checks against manager commands that
               cause these behaviors for each of the affected actions.

                              Affected Versions
                Product               Release Series
         Asterisk Open Source            1.6.2.x      All versions
         Asterisk Open Source             1.8.x       All versions
         Asterisk Open Source              10.x       All versions
       Asterisk Business Edition          C.3.x       All versions

                                 Corrected In
                 Product                              Release
          Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1
        Asterisk Business Edition                     C.3.7.4

                                    Patches
                               SVN URL                               Revision
  http://downloads.asterisk.org/pu ... 2012-004-1.6.2.diff v1.6.2
  http://downloads.asterisk.org/pub/security/AST-2012-004-1.8.diff   v1.8
  http://downloads.asterisk.org/pub/security/AST-2012-004-10.diff    v10

      Links     https://issues.asterisk.org/jira/browse/ASTERISK-17465

   Asterisk Project Security Advisories are posted at
   http://www.asterisk.org/security

   This document may be superseded by later versions; if so, the latest
   version will be posted at
   http://downloads.digium.com/pub/security/AST-2012-004.pdf and
   http://downloads.digium.com/pub/security/AST-2012-004.html

                               Revision History
         Date                  Editor                 Revisions Made
   04/23/2012               Jonathan Rose             Initial Release

              Asterisk Project Security Advisory - AST-2012-004
             Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
                          original, unaltered form.


--

TOP
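The check that AST-2012-004 describes, as an added example that is not Asterisk's patch and not part of the original post: a simplified C model that rejects the affected actions for a user without System class authorization. The permission bits, the function name `ami_action_allowed` and its parameters are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PERM_SYSTEM    (1 << 0)   /* hypothetical bit: System class authorization */
#define PERM_ORIGINATE (1 << 1)   /* hypothetical bit: some non-System class */

/* Case-insensitive whole-string comparison. */
static int eq_ci(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Case-insensitive substring search; a NULL haystack never matches. */
static int contains_ci(const char *hay, const char *needle)
{
    size_t n = strlen(needle), i;
    for (; hay && *hay; hay++) {
        for (i = 0; i < n && hay[i] &&
             tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++)
            ;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Returns 1 to allow, 0 to reject. Fails closed on any mention of SHELL or EVAL. */
int ami_action_allowed(int perms, const char *action, const char *app, const char *var)
{
    if (perms & PERM_SYSTEM)
        return 1;   /* System class users may run shell commands */
    if (eq_ci(action, "Originate") && contains_ci(app, "MixMonitor"))
        return 0;   /* application named in the advisory */
    if ((eq_ci(action, "GetVar") || eq_ci(action, "Status")) &&
        (contains_ci(var, "SHELL") || contains_ci(var, "EVAL")))
        return 0;   /* functions named in the advisory */
    return 1;
}

int main(void)
{
    printf("%d %d\n", ami_action_allowed(PERM_ORIGINATE, "Originate", "MixMonitor", NULL),
           ami_action_allowed(PERM_ORIGINATE, "GetVar", NULL, "CALLERID(num)"));
    return 0;   /* constructed sample requests; prints "0 1" */
}
```

The substring match is deliberately conservative, so a variable whose name merely contains SHELL or EVAL is also refused for non-System users.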
