When will Fonality release a security upgrade for TB?

quid246
Posts: 17
Member Since:
2006-07-17

Now that the serious SIP segfault exploit was patched by Digium some two weeks ago (v1.2.16), it would seem fitting that an update for TB would have come down the pipe by now. But it's not here!

Anybody else feel that Fonality has dropped the ball on this one? As "a leader in open source, Asterisk-based IP telephony systems" one would think they could have patched this up by now.



hescomin
Posts: 29
Member Since:
2006-12-19
This also includes the multiple kernels that have come out to address security faults, time zone updates trixbox is not releasing yet, and other updates for bugs and security that trixbox has not released. Since, at least for the gxp 2k's, the server requires internet access, security MUST be considered; otherwise the PBX is a massive exploit waiting to happen.

At least make it able to use the centos updates channel without screwing up various dependencies. Trixbox is a good product, but its security shortcomings are becoming enough to manually build my own pbx around freepbx/asterisk, etc. Get on the security ball guys, please.



pcott
Posts: 130
Member Since:
2006-05-31
Two thoughts here. One, this is a free open source project. If you paid for it you would have a right to complain. Two, do some research. NerdVittles has a simple solution that works fine.
http://nerdvittles.com/index.php?p=171

Yes, it works with trixbox 2.0.



cosmicwombat
Posts: 1173
Member Since:
2006-05-31
I used a script on two boxes.....

I used a script on two boxes and they are fine. The NerdVittles directions are for 1.2.3 and for 2.0 try http://www.script-trix.us/updatesource.htm

Note that once you start installing from source, the Package Manager doesn't look correct and there may be extra steps to use an RPM update in the future.

Robert.

--

Robert Keller - Chief Technologist at large
The VoIP Experience
Open Telephony Training Seminar



kerryg
Posts: 6790
Member Since:
2006-05-31
Asterisk updates

We should have all the Asterisk updates available this weekend.

Kerry Garrison
Sr. Product Manager, trixbox
http://voipspeak.net - http://asterisktutorials.com

--

Kerry Garrison
http://www.VoipStore.com - http://3cxbook.com
(888) VOIPSTORE - (888) 864-7786



KodaK
Posts: 1885
Member Since:
2006-06-14
Quote:
If you paid for it you would have a right to complain.

No, it doesn't work that way. Trixbox/Fonality have released a product into the wild; it's their responsibility to keep it up to date, otherwise someone will get irritated enough to fork the project. Free and Open Source software (mostly) benefits the users, not the creators -- or in this case the package distributors.

Anyone with an issue would be well within their rights to complain. Complaints, along with suggestions, are two of the driving forces behind the development of FOSS (or any software.)

Note that I'm not complaining -- I don't think they're doing a bad job. Sure, they could be doing a better one, but I think they're trying to build an infrastructure to do just that. That being said, there are quite a few things I've been waiting patiently for -- the security fixes for one, and the Aastra XML packages for another.

--

WARNING: I no longer actively participate in these forums. My thoughts on trixbox in a nutshell: http://www.youtube.com/watch?v=q4xBMkWu1pE Use AsteriskNOW instead.



UncleWard
Posts: 358
Member Since:
2006-05-31
More Bad News

Two more SIP denial of service holes were patched today. The Nerd Vittles HOW-TO should be out in the morning with a little luck in the testing...

http://nerdvittles.com/index.php?p=174



cosmicwombat
Posts: 1173
Member Since:
2006-05-31
The script-trix worked before...

I am going to give the update script-trix.us a try. Adjusted for Zaptel 1.2.16 and Asterisk 1.2.17.

Robert

EDIT: I just upgraded my 2.0 box and it seems fine.

Robert




kerryg
Posts: 6790
Member Since:
2006-05-31
Unfortunately, most of the development team is at VON and won't return until tomorrow night, and it is very difficult to get updates out from here. I promise updates for 1.2.17 will be out this week.

Kerry Garrison
Sr. Product Manager, trixbox
http://voipspeak.net - http://asterisktutorials.com




misterq
Posts: 126
Member Since:
2006-05-31
Developers at VON, hanging with the babes... And you expect productive work from them in the next few weeks...

q


