GNU Gatekeeper 4.7 has been released (security update)

Hi,

GNU Gatekeeper version 4.7 has just been released.

This version is purely a security update and has no new features. All
users are encouraged to update, and especially if you use port detection
(IgnoreSignaledIPs=1) you should update ASAP.

It has been discovered that GnuGk is vulnerable to RTP Bleed attacks
(https://rtpbleed.com/) in some configurations. After updating to version
4.7, only the first packets in each media stream influence the media
destination.

To further secure your configuration, you can set

[Proxy]
RestrictRTPSources=Net

to only accept RTP from the same class C network that the call
signaling came from. Please beware that this may break a few valid calls
where this condition isn't met.

You can download the new version from
https://www.gnugk.org/h323download.html


Please see the full change log below.

Changes from 4.6 to 4.7
=======================
- fixes for RTP Bleed
- new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP
  from the call signal IPs or the respective class C network
- new switch [Proxy] LegacyPortDetection=1 to keep port detection help
  for some very old and broken endpoints that will make your gatekeeper
  vulnerable to RTP Bleed attacks
- BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using
  RedirectCallsToGkIP
- BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs
- new command line option: now you can use -S instead of --strict (needed
  on BSD systems)

-- 
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
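
An added example, not part of the original announcement and not GnuGk code: a small Python audit of a gatekeeper configuration for the switches named in the message, plus a model of what RestrictRTPSources=IP and Net would accept. Assumptions: "class C network" is treated as an IPv4 /24, keys are looked up in whichever section holds them, and the sample configuration, function names and finding labels are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample config (not from a real deployment).
SAMPLE_INI = """
[Proxy]
Enable=1
IgnoreSignaledIPs=1
LegacyPortDetection=1
"""

def find_key(cfg, key):
    """Value of `key` from whichever section holds it, or None if absent."""
    for section in cfg.sections():
        if cfg.has_option(section, key):
            return (cfg.get(section, key) or "").strip()
    return None

def audit(ini_text):
    """Return finding names (constructed labels) for RTP Bleed related switches."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None,
                                    allow_no_value=True)
    cfg.read_string(ini_text)
    restrict = (find_key(cfg, "RestrictRTPSources") or "").lower()
    findings = []
    # The changelog states this switch makes the gatekeeper vulnerable again.
    if find_key(cfg, "LegacyPortDetection") == "1":
        findings.append("legacy-port-detection")
    # Port detection without a source restriction relies only on the 4.7 fix.
    if find_key(cfg, "IgnoreSignaledIPs") == "1" and restrict not in ("ip", "net"):
        findings.append("port-detection-unrestricted")
    return findings

def rtp_source_allowed(mode, signaling_ip, rtp_src):
    """Model of the restriction: IP = exact match, Net = same /24 (assumed)."""
    sig = ipaddress.IPv4Address(signaling_ip)
    src = ipaddress.IPv4Address(rtp_src)
    if mode.lower() == "ip":
        return src == sig
    if mode.lower() == "net":
        return src in ipaddress.IPv4Network(f"{sig}/24", strict=False)
    return True  # no restriction configured

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
    # Media relayed from another subnet is the kind of valid call Net can break.
    print(rtp_source_allowed("Net", "192.0.2.10", "198.51.100.7"))
```

Running the audit against each gatekeeper configuration before and after the upgrade shows which instances still depend on LegacyPortDetection or run port detection without a source restriction.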
