Digium AA50, 1.1.0.2 Security and Bugfix Release

By Malcolm Davenport

Aloha,

I’m back, with an update from the AA50 software front.  This time, it’s just a minor bug-fix update, release 1.1.0.2, that’s now available for download on the BE portal:

https://be.digium.com

What are the changes?

We’ve implemented fixes to cover three security advisories:

AST-2008-002 – Two buffer overflows in RTP Codec Payload Handling

AST-2008-003 – Unauthenticated calls allowed from SIP channel driver

AST-2008-005 – HTTP Manager ID is predictable

We also:

  • Changed the Bandwidth.com IP address, so setup of the provider via the GUI handles their recent change in IP. 
  • Fixed a uninitialized variable bug in the DTMF generation that would occasionally corrupt tone generation.
  • Changed the behavior of the WAN-side Polycom provisioning so that, when WAN-side provisioning is enabled, the LAN-side DHCP server continues to operate
  • The DTMF Mode on the Users tab in the GUI is now a drop-down box
  • And , we fixed a bug where the ‘disallow all’ checkbox on the VoIP Providers menu disallowed all codecs, even when some were allowed

So, nothing too fancy on the new features front, but three important security fixes.

Cheers.

Related Posts

There Are 3 Comments

Add to the Discussion

Your email address will not be published. Required fields are marked *

About the Author

Malcolm Davenport

Digium lifer, celebrator of 17 Digium birthdays, and Digium employee #4. "I like telephony and I cannot lie. You other vendors can't deny; When a call comes in with MOS so you can't hear and some echo in your ear you get angry!" - Sir Mix-a-Malcolm

See All of Malcolm's Articles