Monday, September 3, 2012

Asterisk 1.8.11 and Asterisk 1.8 and 10


The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
  • A permission escalation vulnerability in Asterisk Manager Interface. This
    would potentially allow remote authenticated users the ability to execute
    commands on the system shell with the privileges of the user running the
    Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
    file delivered with Asterisk has been updated due to this and other related
    vulnerabilities fixed in previous versions of Asterisk.
  • When an IAX2 call is made using the credentials of a peer defined in a
    dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
    peer are not applied to the call attempt. This allows for a remote attacker
    who is aware of a peer's credentials to bypass the ACL rules set for that
    peer.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.

Monday, July 23, 2012

Asterisk Voip Gateway

Asterisk supports many different communications protocols from both the modern world of VoIP and from the legacy PSTN. This makes it a powerful tool for building gateways and protocol converters.
VoIP Gateway
Below is a recipe for building a VoIP-to-PSTN gateway using Asterisk, an analog or digital telephony interface card and a standard PC server. The steps are as follows:
  1. Select your telephony interface hardware.
  2. Select your computer hardware.
  3. Install Asterisk
  4. Configure your connections
  5. Build your gateway dialplan

Asterisk ACD

With Asterisk you can build a powerful ACD for the cost of the server hardware and phones.


Step 1: Select Your Telephony Hardware

Telephony Card Asterisk applications that connect with legacy telephony systems (PBXs or the PSTN) require telephony interface hardware. Small system generally use analog or ISDN BRI connections. Larger systems (more than 12 lines) frequently use T1, E1 or J1 digital connections. If you're new to telephony, check out the Asterisk telephony by clicking the "More" link below.




Step 2: Select Your Computer Hardware

ComputerAsterisk can run on virtually any modern computer, but when building a production telephony application server you should follow a few basic best-practice guidelines. Click the "More" link below to learn the basic requirements for a solid Asterisk server.


Step 3: Install Linux & Asterisk

Once you have your Asterisk hardware the next step is software. You will either need to install Linux or use a ready-to-run distribution to install Linux, Asterisk and various related software packages. Since these application tutorials are intended to help you create custom telephony applications we will start with a generic installation of CentOS 5.3 and then install Asterisk from the Yum repository. This make it relatively easy to keep Asterisk up to date and avoids the complexities of hand compiling the Asterisk source code.


Step 4: Configure Connections

Now that Asterisk is installed and running you need to edit the system configuration files to implement connections to VoIP and PSTN services. Since this step is common to all applications (Asterisk doesn't do much good if it is not connected to anything) it contains information on creating both service connections (connections to VoIP or PSTN services) and endpoint connections (connections to phones or terminal adapters). Some applications require both service and endpoint connections (PBX, ACD) while others may require only service connections.

Wednesday, July 18, 2012

Asterisk 10.6.1 Now Available

The Asterisk Development Team has announced the release of Asterisk 10.6.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
  • --- Remove a superfluous and dangerous freeing of an SSL_CTX.
    (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!

Asterisk 1.8.14.1 Now Available

The Asterisk Development Team has announced the release of Asterisk 1.8.14.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.14.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
  • --- Remove a superfluous and dangerous freeing of an SSL_CTX.
    (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
Thank you for your continued support of Asterisk!

Tuesday, June 26, 2012

Asterisk 1.8.5-rc1 Now Available

The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
  • Fix Deadlock with attended transfer of SIP call
    (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
    cmaj)
  • Fixes thread blocking issue in the sip TCP/TLS implementation.
    (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
    rossbeer, kowalma, Freddi_Fonet)
  • Be more tolerant of what URI we accept for call completion PUBLISH requests.
    (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
  • Fix a nasty chanspy bug which was causing a channel leak every time a spied on
    channel made a call.
    (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
  • This patch fixes a bug with MeetMe behavior where the 'P' option for always
    prompting for a pin is ignored for the first caller.
    (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
  • Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
    the call that the dialplan started an AGI script for is hungup while the AGI
    script is in the middle of a command then the AGI script is not notified of
    the hangup.
    (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
  • Resolve issue where leaving a voicemail, the MWI message is never sent. The
    same thing happens when checking a voicemail and marking it as read.
    (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
    Mudgett)
  • Resolve issue where wait for leader with Music On Hold allows crosstalk
    between participants. Parenthesis in the wrong position. Regression from issue
    #14365 when expanding conference flags to use 64 bits.
    (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
  • Fix timerfd locking issue.
    (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
Thank you for your continued support of Asterisk!

Asterisk 10.5.1 Now Available

The Asterisk Development Team has announced a security release for Asterisk 10.
This security release is released as version 10.5.1.
The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 10.5.1 resolves the following issue:
  • A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
    Channel driver. When an SCCP client sends an Off Hook message, followed by
    a Key Pad Button Message, a structure that was previously set to NULL is
    dereferenced. This allows remote authenticated connections the ability to
    cause a crash in the server, denying services to legitimate users.