Hi, a minor bug bug has been fixed that prevented compiling GnuGk 4.7 without H.460.18 support. The CVS and the download archves have been updated. Regards, Jan Jan Willamowius wrote: > Hi, > > GNU Gatekeeper version 4.7 has just been released. > > This version is purely a security update and has no new features. All > users are encouraged to update, especially if you use port detection > (IgnoreSignaledIPs=1) you should update ASAP. > > It has been discovered that GnuGk is vulnerable in some configurations > for RTP bleed attacks (https://rtpbleed.com/). By updating to version > 4.7 only the first packets in each media stream influence the media > destination. > > To further secure your configuration, you can set > > [Proxy] > RestrictRTPSources=Net > > to only accept RTP from the same class C network that the call > signaling came from. Please beware that this may break a few valid calls > where this condition isn't met. > > You can download the new version from > https://www.gnugk.org/h323download.html > > > Please see the full change log below. > > Changes from 4.6 to 4.7 > ======================= > - fixes for RTP Bleed > - new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP > from the call signal IPs or the respective class C network > - new switch [Proxy] LegacyPortDetection=1 to keep port detection help > for some very old and broken endpoints that will make your gatekeeper > vulnerable to RTP Bleed attacks > - BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using > RedirectCallsToGkIP > - BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs > - new command line option: now you can use -S instead of --strict (needed > on BSD systems) > > -- > Jan Willamowius, Founder of the GNU Gatekeeper Project > EMail : jan@xxxxxxxxxxxxxx > Website: https://www.gnugk.org > Support: https://www.willamowius.com/gnugk-support.html > > Relaxed Communications GmbH > Frahmredder 91 > 22393 Hamburg > Geschäftsführer: Jan Willamowius > HRB 125261 (Amtsgericht Hamburg) > USt-IdNr: DE286003584 > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________________ > > Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users > Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users > Homepage: http://www.gnugk.org/ > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
