Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies worldwide. Asterisk is free and open source.
14.6.2 - 20 Sep 2017 18:05

AST-2017-008: Improve RTP and RTCP packet processing.

* Validate RTCP packets before processing them. Validate that the received
  packet is of a minimum length and apply the RFC 3550 RTCP packet validation
  checks.
* Potentially reading garbage beyond the received RTCP record data.
* rtp->themssrc only being set once when the remote could change the SSRC.
  We would effectively stop handling the RTCP statistic records. Changed
  rtp->themssrc to not treat a zero value as special by adding
  rtp->themssrc_valid to indicate if rtp->themssrc is available.
* Strict RTP learning always accepting the first packet from a new address as
  the new stream.
* Strict RTP now initializes the expected sequence number with the last
  received sequence number instead of the last transmitted sequence number.
* The predicted next sequence number calculation in
  rtp_learning_rtp_seq_update() now handles overflow.
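
The validation the AST-2017-008 entry calls for, written out as an added example (this is not Asterisk's res_rtp_asterisk code): a check of a received RTCP compound packet against the RFC 3550 Appendix A.2 rules before any record is read, plus an SSRC fetch that only succeeds on a validated packet and leaves the "is it set" question to a separate flag rather than to the value 0. The sample packet bytes and the function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RTCP packet types from RFC 3550 section 12.1. */
#define RTCP_SR 200
#define RTCP_RR 201

/*
 * Validate a received RTCP compound packet before any record is parsed,
 * applying the checks from RFC 3550 Appendix A.2:
 *   - at least one 4-byte RTCP header is present
 *   - every packet has version 2
 *   - the first packet has the padding bit clear, is an SR or RR, and is
 *     long enough to carry its sender SSRC
 *   - the per-packet length fields add up to exactly the bytes received
 * Returns 1 when the buffer may be processed, 0 otherwise.
 */
int rtcp_compound_is_valid(const uint8_t *buf, size_t len)
{
    size_t off = 0;

    if (buf == NULL || len < 4) {
        return 0;
    }
    if ((buf[0] >> 6) != 2 || ((buf[0] >> 5) & 1) != 0) {
        return 0;
    }
    if (buf[1] != RTCP_SR && buf[1] != RTCP_RR) {
        return 0;
    }
    if (buf[2] == 0 && buf[3] == 0) {
        return 0; /* length 0 means no SSRC follows the header */
    }
    while (off + 4 <= len) {
        size_t words;

        if ((buf[off] >> 6) != 2) {
            return 0;
        }
        /* The length field counts 32-bit words, not including the first. */
        words = (((size_t)buf[off + 2] << 8) | buf[off + 3]) + 1;
        off += words * 4;
    }
    /* Leftover bytes or an overshooting length field would mean reading a
     * record past the data that actually arrived. */
    return off == len;
}

/* Fetch the sender SSRC of the first record, but only from a validated
 * packet. Returns 1 and sets *ssrc on success, 0 otherwise; the caller is
 * expected to keep its own "valid" flag instead of treating SSRC 0 as unset. */
int rtcp_first_ssrc(const uint8_t *buf, size_t len, uint32_t *ssrc)
{
    if (!rtcp_compound_is_valid(buf, len)) {
        return 0;
    }
    *ssrc = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16)
          | ((uint32_t)buf[6] << 8) | buf[7];
    return 1;
}

/* Constructed sample: an RR with no report blocks (8 bytes) followed by an
 * SDES chunk holding only the END item (12 bytes), both for SSRC 0x11223344. */
const uint8_t sample_rtcp[] = {
    0x80, 0xC9, 0x00, 0x01, 0x11, 0x22, 0x33, 0x44,
    0x81, 0xCA, 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x00, 0x00, 0x00, 0x00,
};
const size_t sample_rtcp_len = sizeof(sample_rtcp);

/* The same SDES chunk on its own: well-formed, but not a legal first packet. */
const uint8_t sample_sdes_first[] = {
    0x81, 0xCA, 0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x00, 0x00, 0x00, 0x00,
};
const size_t sample_sdes_first_len = sizeof(sample_sdes_first);

/* Convenience wrapper for the sample: sender SSRC, or 0 if it is rejected. */
uint32_t sample_sender_ssrc(void)
{
    uint32_t ssrc = 0;
    return rtcp_first_ssrc(sample_rtcp, sample_rtcp_len, &ssrc) ? ssrc : 0;
}

int main(void)
{
    printf("full packet valid: %d\n", rtcp_compound_is_valid(sample_rtcp, sample_rtcp_len));
    printf("truncated valid:   %d\n", rtcp_compound_is_valid(sample_rtcp, sample_rtcp_len - 4));
    printf("sender SSRC:       0x%08x\n", (unsigned)sample_sender_ssrc());
    return 0;
}
```

Truncating the sample by four bytes makes the SDES length field overshoot the buffer, which is exactly the "reading garbage beyond the received record data" case: the length sum no longer matches and the packet is rejected before any record is touched.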
14.6.1 - 02 Sep 2017 06:45

pjsip_message_ip_updater: handling "tel" URIs
sanitize_tdata was assuming all URIs were SIP URIs, so when a non-SIP URI was
in the From, To or Contact headers, the unconditional cast of a
non-pjsip_sip_uri structure to pjsip_sip_uri caused a segfault when trying to
access uri->other_param. Added PJSIP_URI_SCHEME_IS_SIP(uri) and
PJSIP_URI_SCHEME_IS_SIPS(uri) checks before attempting to cast or use the
returned uri.

AST-2017-006: app_minivm application MinivmNotify command injection
An admin can configure app_minivm with an externnotify program to be run when
a voicemail is received. The app_minivm application MinivmNotify uses
ast_safe_system() for this purpose, which is vulnerable to command injection
since the Caller-ID name and number values given to externnotify can come
from an external untrusted source.
Add ast_safe_execvp() function. This gives modules the ability to run external
commands with greater safety compared to ast_safe_system(). Specifically, when
some parameters are filled by untrusted sources the new function does not
allow malicious input to break argument encoding. This may be of particular
concern where CALLERID(name) or CALLERID(num) may be used as a parameter to a
script run by ast_safe_system(), which could potentially allow arbitrary
command execution.
Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
Document code injection potential from untrusted data sources for other shell
commands that are under user control.

res_rtp_asterisk: Only learn a new source in learn state.
This change moves the logic which learns a new source address for RTP so it
only occurs in the learning state. The learning state is entered on initial
allocation of RTP or if we are told that the remote address for the media has
changed. While in the learning state, if we continue to receive media from the
original source we restart the learning process. It is only once we receive a
sufficien
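
To show the difference the AST-2017-006 entry is about, between handing a shell a command string and handing a program an argument vector, here is an added example that is not Asterisk's ast_safe_execvp(): a fork/execvp runner that captures the child's output, invoked with a constructed Caller-ID name containing shell metacharacters. The `echo` program stands in for the admin's externnotify script, and the runner and demo function names are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run argv[0] directly with fork/execvp, never via a shell, and capture what
 * the child writes to stdout. Each argv element reaches the program as one
 * argument, so bytes a shell would treat specially (; | & $ ` quotes) are
 * delivered literally. Returns the number of bytes captured, or -1.
 */
ssize_t run_argv_capture(char *const argv[], char *out, size_t outsz)
{
    int fds[2];
    pid_t pid;
    size_t got = 0;
    int status;

    if (outsz == 0 || pipe(fds) != 0) {
        return -1;
    }
    pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* child: route stdout into the pipe and replace the image */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127); /* only reached if exec failed */
    }
    close(fds[1]);
    while (got < outsz - 1) {
        ssize_t r = read(fds[0], out + got, outsz - 1 - got);
        if (r <= 0) {
            break;
        }
        got += (size_t)r;
    }
    out[got] = '\0';
    close(fds[0]);
    waitpid(pid, &status, 0);
    return (ssize_t)got;
}

/* Constructed untrusted input: a Caller-ID name carrying shell
 * metacharacters. A writable array because execvp takes char *const[]. */
static char untrusted_callerid_name[] = "Alice; id";

/*
 * Hypothetical notify runner in the style the changelog describes: the
 * program and each untrusted value are separate argv elements, so no
 * quoting of the value is needed and none can be broken out of.
 * Returns 1 if the child printed the name verbatim (nothing after ';' ran),
 * 0 otherwise.
 */
int demo_notify_passes_name_literally(void)
{
    char out[256];
    char *argv[] = { "echo", "notify", untrusted_callerid_name, NULL };

    if (run_argv_capture(argv, out, sizeof(out)) < 0) {
        return 0;
    }
    return strcmp(out, "notify Alice; id\n") == 0;
}

int main(void)
{
    printf("literal argv delivery: %s\n",
           demo_notify_passes_name_literally() ? "ok" : "FAILED");
    return 0;
}
```

The same value interpolated into a command string for system() would have to be quoted correctly for every character the shell recognises; passing it as its own argv element removes that requirement, which is the property the entry attributes to ast_safe_execvp().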
14.4.1 - 21 May 2017 12:25

AST-2017-003: Handle zero-length body parts correctly.

AST-2017-004: chan_skinny: Add EOF check in skinny_session
The while(1) loop in skinny_session wasn't checking for EOF, so a packet that
was longer than a header but still truncated would spin the while loop
infinitely. Not only does this permanently tie up a thread and drive a core to
100% utilization, the call of ast_log() in such a tight loop eats all available
Added poll with timeout to top of read loop.

AST-2017-002: Ensure transaction key buffer is large enough.
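
An added example of the read-loop pattern the AST-2017-004 entry describes, not chan_skinny's own code: a poll() with a timeout before every read(), read() returning 0 treated as EOF so a truncated trailing message ends the loop instead of spinning it, and a length sanity check before the body is read. The 8-byte header layout, the READ_* result codes and the two pipe-fed scenarios are constructed for this example.

```c
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Simplified Skinny-style framing assumed for this example (not Asterisk's
 * real header layout): a 4-byte little-endian body length, 4 reserved bytes,
 * then the body, which begins with a 4-byte message id. */
#define HDR_LEN 8
#define MAX_BODY 4096

#define READ_EOF      0
#define READ_ERROR   -1
#define READ_TIMEOUT -2

/* Read exactly n bytes, polling with a timeout before every read() so a
 * silent peer cannot park the thread, and treating read() == 0 as EOF so a
 * truncated message cannot spin the loop. Returns n on success, READ_EOF if
 * the peer closed first, READ_TIMEOUT or READ_ERROR otherwise. */
static ssize_t read_full(int fd, void *dst, size_t n, int timeout_ms)
{
    uint8_t *p = dst;
    size_t got = 0;

    while (got < n) {
        struct pollfd pfd = { fd, POLLIN, 0 };
        ssize_t r;
        int rc = poll(&pfd, 1, timeout_ms);

        if (rc == 0) {
            return READ_TIMEOUT;
        }
        if (rc < 0) {
            return READ_ERROR;
        }
        r = read(fd, p + got, n - got);
        if (r == 0) {
            return READ_EOF; /* peer closed: stop, never retry here */
        }
        if (r < 0) {
            return READ_ERROR;
        }
        got += (size_t)r;
    }
    return (ssize_t)n;
}

/* Consume messages until EOF. Returns the number of complete messages read,
 * or READ_TIMEOUT / READ_ERROR. A trailing truncated message ends the loop. */
int read_messages(int fd, int timeout_ms)
{
    int count = 0;

    for (;;) {
        uint8_t hdr[HDR_LEN];
        uint8_t body[MAX_BODY];
        uint32_t body_len;
        ssize_t r = read_full(fd, hdr, HDR_LEN, timeout_ms);

        if (r != HDR_LEN) {
            return r == READ_EOF ? count : (int)r;
        }
        body_len = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8)
                 | ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
        /* Reject lengths that cannot be a real message before reading one. */
        if (body_len < 4 || body_len > MAX_BODY) {
            return READ_ERROR;
        }
        r = read_full(fd, body, body_len, timeout_ms);
        if (r != (ssize_t)body_len) {
            return r == READ_EOF ? count : (int)r;
        }
        count++;
    }
}

/* Constructed scenario: one complete message, then a message whose header
 * promises 8 body bytes but only 2 arrive before the writer closes. */
int demo_truncated_stream(void)
{
    static const uint8_t stream[] = {
        0x04, 0, 0, 0,  0, 0, 0, 0,  0x00, 0x01, 0x00, 0x00, /* complete */
        0x08, 0, 0, 0,  0, 0, 0, 0,  0x00, 0x02,             /* truncated */
    };
    int fds[2];
    int n;

    if (pipe(fds) != 0) {
        return READ_ERROR;
    }
    if (write(fds[1], stream, sizeof(stream)) != (ssize_t)sizeof(stream)) {
        return READ_ERROR;
    }
    close(fds[1]);
    n = read_messages(fds[0], 1000);
    close(fds[0]);
    return n;
}

/* Constructed scenario: the peer stays connected but never sends anything. */
int demo_silent_peer(void)
{
    int fds[2];
    int n;

    if (pipe(fds) != 0) {
        return READ_ERROR;
    }
    n = read_messages(fds[0], 50);
    close(fds[0]);
    close(fds[1]);
    return n;
}
```

Without the EOF check, the second scenario in the entry (a truncated message after the writer has gone) would make read() return 0 forever while the loop kept retrying and logging; with it, read_messages() returns the one complete message and the thread is free again.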
14.3.1 - 06 Apr 2017 06:45

CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed-length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
limits the bytes written to the field by using ast_copy_string instead.
14.2.1 - 09 Dec 2016 23:45

Update for 14.2.1

chan_sip: Do not allow non-SP/HTAB between header key and colon.
RFC says SIP headers look like:
    HCOLON = *( SP / HTAB ) ":" SWS
    SWS    = [LWS]                ; sep whitespace
    LWS    = [*WSP CRLF] 1*WSP    ; linear whitespace
    WSP    = SP / HTAB            ; from RFC 2234
chan_sip implemented this:
    HCOLON = *( LOWCTL / SP ) ":" SWS
    LOWCTL = %x00-1F              ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with chan_sip
could pass on unknown headers with %x00-%x1F in them, which would be treated
by Asterisk as a different (known) header. For example, the "To%x01:" header
would gladly be forwarded by some proxies as irrelevant, but chan_sip would
treat it as the relevant "To:" header. Those relying on a SIP proxy to scrub
certain headers could mistakenly get unexpected and unvalidated data fed to
Asterisk.
This change makes chan_sip only consider SP/HTAB as valid tokens before the
colon, making it agree on the headers with other speakers of SIP.

res_format_attr_opus: crash when fmtp contains spaces.
When an opus offer or answer was received that contained an fmtp line with
spaces between the attributes, the module would fail to properly parse it and
crash due to recursion. This change makes the module handle the space properly
and also removes the recursion requirement.
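
The two grammars from the chan_sip entry above, as an added example rather than chan_sip's own parser: with `strict=1` the function applies the RFC 3261 HCOLON rule (only SP / HTAB between the header name and the colon), and with `strict=0` it reproduces the LOWCTL / SP rule the old code used, so the "To%x01:" case from the entry can be checked against both. The function names are this example's own.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* RFC 3261 "token" characters, the only ones allowed in a header name. */
static int is_token_char(unsigned char c)
{
    if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
        (c >= '0' && c <= '9')) {
        return 1;
    }
    return c != '\0' && strchr("-.!%*_+`'~", c) != NULL;
}

/*
 * Return the length of the header name at the start of `line`, or 0 if the
 * line does not parse as "Name<separators>:" under the chosen rule.
 *   strict=1: RFC 3261 HCOLON, separators are SP / HTAB only
 *   strict=0: the old chan_sip rule, any byte below 0x20 or SP
 */
size_t sip_header_name_len(const char *line, int strict)
{
    const unsigned char *p = (const unsigned char *)line;
    size_t name_len = 0;

    while (is_token_char(*p)) {
        p++;
        name_len++;
    }
    if (strict) {
        while (*p == ' ' || *p == '\t') {
            p++;
        }
    } else {
        while (*p != '\0' && (*p < 0x20 || *p == ' ')) {
            p++;
        }
    }
    if (name_len == 0 || *p != ':') {
        return 0;
    }
    return name_len;
}

/* Does `line` carry the header `want` (case-insensitive) under the given rule? */
int sip_header_matches(const char *line, const char *want, int strict)
{
    size_t n = sip_header_name_len(line, strict);

    return n != 0 && n == strlen(want) && strncasecmp(line, want, n) == 0;
}
```

Under the strict rule a line such as "To\x01: ..." has no colon after its name and its separators, so it is not a "To" header at all, which is what a proxy following the RFC concludes; under the old rule the control byte is skipped and the line is accepted as "To", which is the discrepancy the entry describes.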
14.1.2 - 12 Nov 2016 10:05

Revert "chan_sip: lastrtprx always updated"
This reverts commit 93332cb1d0eea18021ea6538237297e627d6e2fc.
Unfortunately, the aforementioned commit caused a regression (incoming calls
would eventually disconnect). Thus it is being removed.
14.1.1 - 03 Nov 2016 19:25

app_voicemail: Clear voice mailbox in MailboxExists and MAILBOX_EXISTS.
When executing the MailboxExists dialplan application and MAILBOX_EXISTS
dialplan function, the passed-in temporary voice mailbox was not cleared,
causing it to try to free garbage.
14.0.2 - 04 Oct 2016 03:15

Release summaries: Remove previous versions
version: Update for 14.0.2.
lastclean: Update for 14.0.2.
realtime: Add database scripts for 14.0.2.

logger: Output early verbose messages to console.
Verbose messages should be printed to the console if the sublevel is less
than option_verbose. This ensures the welcome message with copyright and
license are printed at daemon and interactive rasterisk startup.

Remove "format_ogg_opus: New format".
This reverts commit 40aa28131bc30b4516da2b20eb1a1e043920169c.

download_externals: with re-install.
Needed to ignore an xmlstarlet return code for optional element.

14.0.0 - 26 Sep 2016 20:45

Asterisk 14.0.0 Released.