MORE Asterisk Security Fixes

wardmundy · #1 03-16-11, 08:23 PM

New versions of Asterisk were released tonight. We'll have the updates implemented shortly. If you're using our security model with all ports locked down behind a hardware-based firewall, these issues should not affect your servers. Otherwise, you'll want to upgrade ASAP!

wardmundy · #2 03-17-11, 08:48 AM

PIAF-Bronze and PIAF-Purple downloads now include Asterisk 1.6.2.17.1 and 1.8.3.1 described above. Ignore the version typo in the referenced headline.

Asterisk 1.6.1.23, 1.6.1.17.1 and 1.8.3.1 Now Available (Security Releases)

should read:

Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 Now Available (Security Releases)

darmock · #3 03-17-11, 09:02 AM

Also update-source had a small bug in it where when upgrading purple it did not compare the running versus source version correctly and a warning message was generated in error.

BTW Did I mention that update-source is EXPERIMENTAL?

This has now been corrected.

In order to obtain the latest version of update-source run update-programs

Tom

wardmundy · #4 03-18-11, 12:58 PM

PIAF-Bronze and PIAF-Purple downloads now include the new, new, new Asterisk 1.6.2.17.2 and 1.8.3.2 reissues. NOTE: Asterisk 1.4 has NOT yet been patched to eliminate this vulnerability.

darmock · #5 03-18-11, 02:40 PM

FYI the interactions between freepbx's asterisk status bar and asterisk seems to be resolved in 1.8.3.2 Also the duplicating log entries seems to have gone away.

Freepbx restore is still having problems been testing it and it consistently causes errors in certain fields when restored. For example the email field under Extensions > voicemail has Value: 123@123.com Value:

When you attempt to edit this field and correct the entry is is now non editable. Course I am using the latest version of FPBX 2.8.x and NOT 2.9 beta.

Still debugging it..... yes fpbx guys have been notified who know how important it is.

Tom