Digium AA50, Security and Bugfix Release


I’m back, with an update from the AA50 software front.  This time, it’s just a minor bug-fix update, release, that’s now available for download on the BE portal:


What are the changes?

We’ve implemented fixes to cover three security advisories:

AST-2008-002 – Two buffer overflows in RTP Codec Payload Handling

AST-2008-003 – Unauthenticated calls allowed from SIP channel driver

AST-2008-005 – HTTP Manager ID is predictable

We also:

  • Changed the Bandwidth.com IP address, so setup of the provider via the GUI handles their recent change in IP. 
  • Fixed a uninitialized variable bug in the DTMF generation that