Recently Asterisk have posted 2 security advisories of CVE-2017-17090 (AST-2017-013) and AST-2017-012.
The fixes for these advisory require Asterisk 13.18.3 and 13.18.4 respectively.
I am running the latest FreePBX patch 10.13.66-22; however, this version come with the latest Asterisk of 13.18.0.
I am wondering if FreePBX team has any plan to provide the next update for the version 10 with newer Asterisk?
Base on the article Sangoma Documentation, the FreePBX patch 10.13.66-22 is latest for FreePBX v.10. And coming with this 10.13.66-22 is the Asterisk 13.18.0.
I followed your advise to run the yum update and head into a warning of unfinished transaction.
I therefore ran the yum-complete-transaction in order to check for the unfinished transaction and receive the following.
===================================================================================
Package Arch Version Repository Size
Removing:
audit-libs x86_64 2.2-4.el6_5 @anaconda-PBX-201403180405.x86_64/6.5 170 k
avahi-libs x86_64 0.6.25-12.el6_5.3 @anaconda-PBX-201403180405.x86_64/6.5 112 k
bash x86_64 4.1.2-15.el6_5.2 @anaconda-PBX-201403180405.x86_64/6.5 3.0 M
bfa-firmware noarch 3.2.21.1-2.el6 @anaconda-PBX-201403180405.x86_64/6.5 6.9 M
bind-libs x86_64 32:9.8.2-0.23.rc1.el6_5.1 @anaconda-PBX-201403180405.x86_64/6.5 2.2 M
binutils x86_64 2.20.51.0.2-5.36.el6 @anaconda-PBX-201403180405.x86_64/6.5 9.4 M
ca-certificates noarch 2014.1.98-65.0.el6_5 @anaconda-PBX-201403180405.x86_64/6.5 2.9 M
cairo x86_64 1.8.8-3.1.el6 @anaconda-PBX-201403180405.x86_64/6.5 779 k
coreutils x86_64 8.4-31.el6_5.2 @anaconda-PBX-201403180405.x86_64/6.5 12 M
coreutils-libs x86_64 8.4-31.el6_5.2 @anaconda-PBX-201403180405.x86_64/6.5 5.4 k
cpp x86_64 4.4.7-4.el6 @anaconda-PBX-201403180405.x86_64/6.5 9.5 M
crda x86_64 1.1.1_2010.11.22-1.el6 … @anaconda-PBX-201403180405.x86_64/6.5 2.4 M
system-config-firewall-base noarch 1.2.27-5.el6 @anaconda-PBX-201403180405.x86_64/6.5 2.3 M
tzdata noarch 2014h-1.el6 @updates 1.8 M
udev x86_64 147-2.51.el6 @anaconda-PBX-201403180405.x86_64/6.5 1.2 M
util-linux-ng x86_64 2.17.2-12.14.el6_5 @anaconda-PBX-201403180405.x86_64/6.5 5.7 M
wanpipe x86_64 7.0.12.2-1kernel.2.6.32.431.el6.dahdi.2.10.0.1.rel.1.shmz65.1.6 @pbx 62 M
xz x86_64 4.999.9-0.3.beta.20091007git.el6 @anaconda-PBX-201403180405.x86_64/6.5 476 k
xz-libs x86_64 4.999.9-0.3.beta.20091007git.el6 @anaconda-PBX-201403180405.x86_64/6.5 209 k
Transaction Summary
Remove 171 Package(s)
Installed size: 522 M
Looking at the install size of 522M, this seems to be a major update to the FreePBX system.
I am not familiar with this yum update method.
I only worked with the script update method before with FreePBX.
Is there a script update method to update the system like once posted here Sangoma Documentation?
The asterisk-version-switch shows me there are Asterisk 11, 13, and 14 as options to switch to.
I am currently on version 13, version 14 is currently in beta.
This is the outcome from the command:
Pick the Asterisk Version you would like to change to.
Press 1 and the Enter key for Asterisk 11
Press 2 and the Enter key for Asterisk 13
Press 3 and the Enter key for Asterisk 14 (Currently in beta)
Press 9 and the Enter key to exit and not change your Asterisk Version
I did exactly this and the Asterisk remain the same at 13.18.0 which is the version affected by the security advisory.
This page is still showing FreePBX 10.13.66-22 as the latest version of FreePBX 10 https://wiki.freepbx.org/display/PPS/FreePBX-Distro-10.13.66
Is this in fact the latest version of FreePBX10?