New Freeswitch Vulnerabilities

Status
Not open for further replies.
bcmike

bcmike

Active Member
Jun 7, 2018
337
58
28
54
It appears as though there are a lot of bug fixes in 1.10.7:

"This is a major release with more than 300 changes containing fixes for 5 security advisories adding support for Debian 11, mod_python3 and a lot of bugfixes. Debian 8 support has been dropped. Freetdm has been moved out of tree."

I completed this procedure on one of our production boxes last night:

apt update
apt list --upgradable (To make sure we're upgrading to the right version)
apt-get install freeswitch
systemctl restart freeswitch

This takes me to 1.10.7. on Debian Stretch. Your mileage may vary. FYI, I hate being on the bleeding edge but the security advisories made this critical.

I will report any issues as they arise.
 
Last edited:
I

Incubugs

Member
Apr 7, 2018
175
10
18
49
Any ideas on howto fix those fail2ban problems ? i did look at the link but its a bit beyond me when it comes to fail2ban not my strong point
 
hfoster

hfoster

Active Member
Jan 28, 2019
684
81
28
34
bcmike said:
Your mileage may vary. FYI
Click to expand...
Indeed, the Ubuntu 'release' of FusionPBX is source based now so you have to modify the config.sh of the installer and then run switch.sh again. I haven't extensively tested though, so lord only knows what might occur other than the Fail2Ban shenanigans.

Never mind, spandsp got moved out of the tree, (along with sofia-sip) so that scuppers the compile process for freeswitch, so you also have to compile spandsp and sofia-sip and run ldconfig after.

Still not sure of the reason for the divergence from Debian, maybe FusionPBX/FreeSwitch will be a snap soon? :D
 
Last edited:
DigitalDaz

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,070
577
113
The fail2ban filters by the looks of them just need a little tweak, see this thread, I have only tested one:

Upgrade to 1.10.7

Hi Guys, so i have been reading about the issues in 1.10.6 and wonder if it may be a good time to upgrade, i did it on a test vm and the upgrade went ok to be honest and freeswitch started fine, however i noticed that fail2ban filters for freeswitch have stopped working, this obviously cant be...
www.pbxforums.com www.pbxforums.com
 
D

Dan

Member
Jul 23, 2017
69
12
8
34
Has anyone had trouble with Freeswitch 1.10.7 crashing? We have been seeing it drop audio one way on certain calls and crash after a few days, whereby it often just stops responding to SIP traffic but the process keeps running.

Here are some of the open bugs that I thought might be affecting me:
Segmentation fault in switch_event_serialize #1562 - https://github.com/signalwire/freeswitch/issues/1562
playback mp4 file memory leak #1572 - https://github.com/signalwire/freeswitch/issues/1572
locking issue #1578 - https://github.com/signalwire/freeswitch/issues/1578
Error opening MoH files with the path containing .loc #1576 - https://github.com/signalwire/freeswitch/issues/1576
1.10.8 missing auth_digest fails register for external profile, 1.10.6 works #1511 - https://github.com/signalwire/freeswitch/issues/1511
WRONG_CALL_STATE & wss port dead & freeSWITCH Process exits #1513 - https://github.com/signalwire/freeswitch/issues/1513

I personally have been experiencing the symptoms described by #1562 and #1513, and verified that the other issues (except perhaps #1511) aren't the cause of my troubles with Freeswitch 1.10.7

Edit: It appears I needed to change my PHP settings as shown here, Freeswitch was hanging when calling v_mailto.php among other things and hanging there needlessly since the limits in PHP.ini were too low.
 
Last edited:
bcmike

bcmike

Active Member
Jun 7, 2018
337
58
28
54
Knock on wood I have not had any problems, although my use case might be different than yours. I upgraded via binaries for Debian.

It might help to know your environment better.
 
Status
Not open for further replies.
Top Bottom