Re: GNU Gatekeeper 4.7 has been released (security update)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

a minor bug bug has been fixed that prevented compiling GnuGk 4.7
without H.460.18 support. The CVS and the download archves have been
updated.

Regards,
Jan


Jan Willamowius wrote:
> Hi,
> 
> GNU Gatekeeper version 4.7 has just been released.
> 
> This version is purely a security update and has no new features. All
> users are encouraged to update, especially if you use port detection
> (IgnoreSignaledIPs=1) you should update ASAP.
> 
> It has been discovered that GnuGk is vulnerable in some configurations
> for RTP bleed attacks (https://rtpbleed.com/). By updating to version
> 4.7 only the first packets in each media stream influence the media
> destination.
> 
> To further secure your configuration, you can set
> 
> [Proxy]
> RestrictRTPSources=Net
> 
> to only accept RTP from the same class C network that the call
> signaling came from. Please beware that this may break a few valid calls
> where this condition isn't met.
> 
> You can download the new version from
> https://www.gnugk.org/h323download.html
> 
> 
> Please see the full change log below.
> 
> Changes from 4.6 to 4.7
> =======================
> - fixes for RTP Bleed
> - new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP
>   from the call signal IPs or the respective class C network
> - new switch [Proxy] LegacyPortDetection=1 to keep port detection help
>   for some very old and broken endpoints that will make your gatekeeper
>   vulnerable to RTP Bleed attacks
> - BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using
>   RedirectCallsToGkIP
> - BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs
> - new command line option: now you can use -S instead of --strict (needed
>   on BSD systems)
> 
> -- 
> Jan Willamowius, Founder of the GNU Gatekeeper Project
> EMail  : jan@xxxxxxxxxxxxxx
> Website: https://www.gnugk.org
> Support: https://www.willamowius.com/gnugk-support.html
> 
> Relaxed Communications GmbH
> Frahmredder 91
> 22393 Hamburg
> Geschäftsführer: Jan Willamowius
> HRB 125261 (Amtsgericht Hamburg)
> USt-IdNr: DE286003584
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________________
> 
> Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
> Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
> Homepage: http://www.gnugk.org/
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/




[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux