There was a vulnerability in FreePBX which has been fixed but was posted to the BugTraq mailing list. Make sure your systems are up to date.
FreePBX web interface remote vulnerability
The admin username and password for the web interface are stored in plain text in this publicly accessible file:
http://yourip/admin/modules/framework/bin/gen_amp_conf.php
This allows a hacker to access the web GUI and view the secrets (passwords) for each extension in plain text, as well as change the outbound routes.
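A defender-side check for the exposure described above, added here as an example and not part of the original post or of FreePBX: it scans web-server access logs for requests to the exposed file and reports which clients actually received its contents. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path from the advisory. Case-insensitive and tolerant of doubled slashes,
# so trivially varied requests for the same file are still flagged.
EXPOSED = re.compile(r"^/+admin/+modules/+framework/+bin/+gen_amp_conf\.php", re.I)

# Apache/nginx "combined" access-log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Feb/2012:10:01:02 +0000] "GET /admin/modules/framework/bin/gen_amp_conf.php HTTP/1.1" 200 1843 "-" "curl/7.21"',
    '198.51.100.9 - - [17/Feb/2012:10:05:40 +0000] "GET /admin/modules/framework/bin/gen_amp_conf.php HTTP/1.1" 403 289 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [17/Feb/2012:10:06:11 +0000] "GET /admin/config.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Feb/2012:10:09:30 +0000] "GET /admin//modules/framework/bin/GEN_AMP_CONF.php?x=1 HTTP/1.1" 200 1843 "-" "curl/7.21"',
]

def find_exposure(lines):
    """Map client IP -> [(timestamp, status, bytes)] for requests to the exposed file."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        # Drop the query string and decode %xx escapes before matching.
        path = unquote(m["uri"].split("?", 1)[0])
        if EXPOSED.match(path):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], int(m["status"]), size))
    return dict(hits)

def served(hits):
    """Client IPs that got a 2xx response with a body, i.e. were sent the file."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 and size > 0 for _, status, size in reqs))

if __name__ == "__main__":
    for ip in served(find_exposure(SAMPLE_LOG)):
        print("file contents served to", ip)
```

Any address returned by `served()` should be treated as having obtained the admin credentials, so after updating FreePBX the admin password and extension secrets need to be changed.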
Starting with this year’s release of Asterisk 11 (scheduled for October, just in time for AstriCon), the Asterisk release policy will be changed in order to provide Long Term Support (LTS) releases on a more frequent basis.
A little background: Asterisk 1.4, released in late 2006, was the first release labeled with the ‘LTS’ designation (although that didn’t happen until years later, when the Asterisk development team started using that designation). Asterisk 1.8, released in late 2010, was the second release labeled ‘LTS’. Asterisk 10 was released earlier this year, and is a standard (not LTS) release.
Until recently, the plan has been to make LTS releases every three years, and make two standard releases in between those releases. However, since standard releases have a limited support lifetime, customers have requested releases that they can use for longer periods of time to be made on a more frequent basis.
The release of Asterisk 1.8.9.1 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occurring in chan_agent ---
(Closes issue ASTERISK-19285. Reported by: Alex Villacis Lasso)
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
(Closes issue ASTERISK-18951. Reported-by: Kristijan Vrban)
For a full list of changes in this release, please see the ChangeLog:
The release of Asterisk 10.1.1 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occurring in chan_agent ---
(Closes issue ASTERISK-19285. Reported by: Alex Villacis Lasso)
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
(Closes issue ASTERISK-18951. Reported-by: Kristijan Vrban)
For a full list of changes in this release, please see the ChangeLog:
Steven Sokol has posted details of the release of Digium phones for Asterisk:
It’s official! Today, we are pleased to provide a sneak preview of the NEW family of high-definition Digium IP phones, designed exclusively for Asterisk. The phones will officially launch and be available to ship in April 2012. As a part of the Asterisk Community, we want to provide you with an opportunity to learn more about the phones and see our special early release video announcement.
What makes the new Digium IP phones special? These are the first phones designed to fully leverage the power of Asterisk, the world’s most widely adopted open source communications software, and Switchvox, Digium’s award-winning unified communications (UC) system. With Digium technology on both the server and the phone, you will benefit from the best possible performance, unprecedented integration and a uniquely customizable phone system – all at an extremely competitive price.
"Digium’s new phones mark the launch of the next chapter in our history of innovation. These are the first phones designed specifically for Asterisk—with the tightest integration possible between the phones and Asterisk. The success of Asterisk began with the transfer of power from the hands of the proprietary phone vendors to the hands of end users and administrators of phone systems. And now we’ve done it again by bringing control to the desk phone."
- Danny Windham, President and CEO of Digium
Extending Digium’s history of innovation, these IP phones include an app engine with a simple yet powerful JavaScript API that lets you, or programmers in your organization, create custom apps that run on the phones. A suite of productivity applications has been created that work with both Asterisk and Switchvox.
"The app engine is a game-changing feature that will allow developers to write their own apps that run on the phones. We have a community of more than 80,000 users and developers who create amazing things with Asterisk. I look forward to seeing the cool apps they will create with these innovative phones. As usual, we’re enabling developers to create solutions limited only by their imaginations."
- Mark Spencer, Founder and Chief Technology Officer of Digium
The Digium IP phones include the following models:
D40—An entry-level HD IP phone with 2-line keys. This is Digium’s best value phone, designed for any employee in the company.
D50—A mid-level HD IP phone with 4-line keys and 10 rapid dial/busy lamp field (BLF) keys with an easy to print paper label strip for the user’s most important contacts. This model is perfect for managers or users who need easy access to their key contacts and features directly from the desk phone.
D70—An executive-level HD IP phone with 6-line keys and 10 rapid dial/busy lamp field (BLF) keys and real-time status information displayed on an additional LCD screen, allowing users to quickly navigate through up to 100 of their most important contacts. Designed for administrators or executives, the D70 offers top-of-the-line features.
This is an exciting time in Digium’s history and we are glad to have you as a part of the Asterisk Community as we prepare to officially launch Digium phones!
Once again, we invite you to share in our excitement and watch this special message from our founder, Mark Spencer, and our CEO, Danny Windham. We also hope you will take a moment to learn more about extending the power of Asterisk with Digium IP phones.
Best regards,
Steve Sokol
Digium, Inc. | Asterisk Marketing Director
FreePBX Remote Exploit February 17, 2012 There was a vulnerability in FreePBX which has been fixed but was posted to the BugTraq mailing list. Make sure your systems are up to date.