Digium AA50, 1.1.0.2 Security and Bugfix Release

Aloha,

I’m back, with an update from the AA50 software front.  This time, it’s just a minor bug-fix update, release 1.1.0.2, that’s now available for download on the BE portal:

https://be.digium.com

What are the changes?

We’ve implemented fixes to cover three security advisories:

AST-2008-002 - Two buffer overflows in RTP Codec Payload Handling

AST-2008-003 – Unauthenticated calls allowed from SIP channel driver

AST-2008-005 – HTTP Manager ID is predictable

We also:

  • Changed the Bandwidth.com IP address, so setup of the provider via the GUI handles their recent change in IP. 
  • Fixed a uninitialized variable bug in the DTMF generation that would occasionally corrupt tone generation.
Continued