Monday, September 3, 2012

Asterisk 1.8.11 and Asterisk 1.8 and 10

Submitted by asteriskteam on Thu, 08/30/2012 - 14:18
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:

A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.

These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.

Monday, July 23, 2012

Asterisk Voip Gateway

Asterisk supports many different communications protocols from both the modern world of VoIP and from the legacy PSTN. This makes it a powerful tool for building gateways and protocol converters.

Below is a recipe for building a VoIP-to-PSTN gateway using Asterisk, an analog or digital telephony interface card and a standard PC server. The steps are as follows:

Select your telephony interface hardware.
Select your computer hardware.
Install Asterisk
Configure your connections
Build your gateway dialplan

Asterisk ACD

With Asterisk you can build a powerful ACD for the cost of the server hardware and phones.

Step 1: Select Your Telephony Hardware

Asterisk applications that connect with legacy telephony systems (PBXs or the PSTN) require telephony interface hardware. Small system generally use analog or ISDN BRI connections. Larger systems (more than 12 lines) frequently use T1, E1 or J1 digital connections. If you're new to telephony, check out the Asterisk telephony by clicking the "More" link below.

Step 2: Select Your Computer Hardware

Asterisk can run on virtually any modern computer, but when building a production telephony application server you should follow a few basic best-practice guidelines. Click the "More" link below to learn the basic requirements for a solid Asterisk server.

Step 3: Install Linux & Asterisk

Once you have your Asterisk hardware the next step is software. You will either need to install Linux or use a ready-to-run distribution to install Linux, Asterisk and various related software packages. Since these application tutorials are intended to help you create custom telephony applications we will start with a generic installation of CentOS 5.3 and then install Asterisk from the Yum repository. This make it relatively easy to keep Asterisk up to date and avoids the complexities of hand compiling the Asterisk source code.

Step 4: Configure Connections

Now that Asterisk is installed and running you need to edit the system configuration files to implement connections to VoIP and PSTN services. Since this step is common to all applications (Asterisk doesn't do much good if it is not connected to anything) it contains information on creating both service connections (connections to VoIP or PSTN services) and endpoint connections (connections to phones or terminal adapters). Some applications require both service and endpoint connections (PBX, ACD) while others may require only service connections.

Wednesday, July 18, 2012

Asterisk 10.6.1 Now Available

The Asterisk Development Team has announced the release of Asterisk 10.6.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:

--- Remove a superfluous and dangerous freeing of an SSL_CTX.
(Closes issue ASTERISK-20074. Reported by Trevor Helmsley)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!

Asterisk 1.8.14.1 Now Available

The Asterisk Development Team has announced the release of Asterisk 1.8.14.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.14.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:

--- Remove a superfluous and dangerous freeing of an SSL_CTX.
(Closes issue ASTERISK-20074. Reported by Trevor Helmsley)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
Thank you for your continued support of Asterisk!

Tuesday, June 26, 2012

Asterisk 1.8.5-rc1 Now Available

The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:

Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
cmaj)
Fixes thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
rossbeer, kowalma, Freddi_Fonet)
Be more tolerant of what URI we accept for call completion PUBLISH requests.
(Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
Fix a nasty chanspy bug which was causing a channel leak every time a spied on
channel made a call.
(Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
This patch fixes a bug with MeetMe behavior where the 'P' option for always
prompting for a pin is ignored for the first caller.
(Closes issue #18070. Reported by mav3rick. Patched by bbryant)
Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
the call that the dialplan started an AGI script for is hungup while the AGI
script is in the middle of a command then the AGI script is not notified of
the hangup.
(Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
Resolve issue where leaving a voicemail, the MWI message is never sent. The
same thing happens when checking a voicemail and marking it as read.
(Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
Mudgett)
Resolve issue where wait for leader with Music On Hold allows crosstalk
between participants. Parenthesis in the wrong position. Regression from issue
#14365 when expanding conference flags to use 64 bits.
(Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
Fix timerfd locking issue.
(Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)

For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
Thank you for your continued support of Asterisk!

Asterisk 10.5.1 Now Available

The Asterisk Development Team has announced a security release for Asterisk 10.
This security release is released as version 10.5.1.
The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 10.5.1 resolves the following issue:

A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client sends an Off Hook message, followed by
a Key Pad Button Message, a structure that was previously set to NULL is
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.

Monday, June 4, 2012

Denphone Asterisk PBX Solution

Denphone Telephone Systems and Solutions : Japan's most flexible PBX solution

We provide the Denphone range of PC/Linux based software PBX systems. Our solutions are based on the Asterisk open source architecture and support a wide variety of configurations and connectivity options.

Hardware choices are made depending on the number of phones to be connected, the desirability of redundant systems compared with budget expectations in order to find the most cost effective solution. The majority of our installations in the 200-300 phone range run on standard rack mount servers from vendors such as Dell or HP. We also normally recommend Dell or Yamaha POE switches although we do install Cisco switches where requested.

Wednesday, May 23, 2012

Helping Your Company do better Business With Voip

VoIP is replacing conventional telephone services; there are 30 million or more users by now. To penetrate the market there are few hindrances which are to be overdone, since VoIP is a hot industry in current days, the market is saturated and hindrances do come across. The question here is how you can help your Company do better business? And what setup should be there in order to capture the market chunk? Breezecom is among all the big exiting players and fulfills all the benchmarks and is heading to success.

The world has witnessed many revolutionary changes in the current century with information technology sector leading from the front. Many ground breaking methods of communication evolved due to this advancement. People started to use these new found ways of keeping in touch with their friends and family enabling more users for a specific product or service. VoIP is one such technology commonly used nowadays.

The primary two things which anyone in the VOIP industry seeks are the Price and Quality. The lowest price is not always the best service but it shouldn’t be too high with respect to market at the same time. And when you buy keep in mind to choose a provider that has a price that is reasonable with the competition, but not a low cost provider. Price change should be there in accordance with the market. When you buy VOIP, Price is only one of many factors that should be evaluated.

When buying or selling, get the idea of the second party as it’s very important in terms that it’s a long term relationship and not few days. Get the idea of business counterpart with the outlay they have in the Website, the domains they have, the legal system, the payment mode diversity. Like a car, a test drive gives clear idea what the car is like! Likewise these factors help evaluate the counterpart well.

Setting up a place for customers to call and allow important clients access both to your business and your employees is also important and holds vital position. Meeting customers enhances the trust and confidence level in the long run.

Your VOIP network should be strong, and make sure that it does not have problem. Even simple networks can have problems that will affect the quality of VoIP calls. Make sure that your switches are in good shape and that your computers are running efficiently.

Provision of user friendly CRM is another factor which holds quite a big importance. It should give access to the customer if he wants to see CDRs and many other options for the customers. Breezecom provides provision of real time CDRs in the Customer Relationship Panel. Also 24/7 efficient customer support and technical service should be available.

VOIP is spreading day by day and the competition is getting tougher day by day. It has been proven that consumers will save a bundle of money by transitioning away from the traditional telephone companies and switching to a VoIP provider.

Article Source:
http://www.articlecity.com/articles/business_and_finance/article_16046.shtml

Sunday, May 6, 2012

Digium IP Phones

Digium manufactures a line of SIP phones that are built specifically for use with Asterisk and Asterisk-based phone systems. The phones support all of the standard SIP features and include a number of enhancements including easy provisioning, direct integration with Asterisk features and an open API that allows end user and integrators to write custom applications that run on the phones.

Digium D40 - A 2-line SIP phone with HD voice and PoE support.

Digium D50 - A 4-line SIP phone with 10 rapid dial buttons with busy lamp field indicators for your most important contacts.

Digium D70 - A 6-line SIP phone with 10 digital rapid dial buttons with real-time status information and busy lamp field indicators for 100 of your most important contacts.

Wednesday, April 4, 2012

Asterisk 1.4.44, 16.2.23, 1.8.10.1, 10.2.1 Now Available (Security Release)

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein app_milliwatt
can potentially overrun a buffer on the stack, causing Asterisk to crash. This
does not have the potential for remote code execution.

The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they
resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun
on the stack, but no remote code execution is possible. Second, they resolve
an issue in HTTP AMI where digest authentication information can be used to
overrun a buffer on the stack, allowing for code injection and execution.

These issues and their resolution are described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2012-002 and AST-2012-003, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

The security advisories are available at:

http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
http://downloads.asterisk.org/pub/security/AST-2012-003.pdf

Asterisk 1.8.11.0 Now Available

The following are the issues resolved in this release:

--- Fix potential buffer overrun and memory leak when executing "sip
show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)
--- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)
--- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)
--- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)
--- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)
--- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0

Asterisk PBX