[h323plus] GNU Gatekeeper 4.7 has been released (security update)
jan at willamowius.de
Thu Sep 21 04:54:41 EDT 2017
GNU Gatekeeper version 4.7 has just been released.
This version is purely a security update and has no new features. All
users are encouraged to update; if you use port detection
(IgnoreSignaledIPs=1), you should update ASAP.
It has been discovered that GnuGk is vulnerable in some configurations
to RTP bleed attacks (https://rtpbleed.com/). By updating to version
4.7 only the first packets in each media stream influence the media
To further secure your configuration, you can set
to only accept RTP from the same class C network that the call
signaling came from. Please beware that this may break a few valid calls
where this condition isn't met.
You can download the new version from
Please see the full change log below.
Changes from 4.6 to 4.7
- fixes for RTP Bleed
- new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP
from the call signal IPs or the respective class C network
- new switch [Proxy] LegacyPortDetection=1 to keep port detection help
for some very old and broken endpoints that will make your gatekeeper
vulnerable to RTP Bleed attacks
- BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using
- BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs
- new command line option: now you can use -S instead of --strict (needed
on BSD systems)
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan at willamowius.de
Relaxed Communications GmbH
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
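
Added example, not part of the original announcement and not GnuGk code: a small Python audit that flags the settings named above in a gatekeeper config, plus a model of what RestrictRTPSources=IP and Net accept. The function names and the sample config are constructed for illustration; searching every section for IgnoreSignaledIPs and treating "class C" as an IPv4 /24 are assumptions.

```python
import configparser
import ipaddress

# Constructed sample config for illustration; not taken from a real deployment.
SAMPLE_INI = """
[Proxy]
Enable=1
IgnoreSignaledIPs=1
LegacyPortDetection=1
"""

def audit_rtp_settings(ini_text):
    """Return findings for the switches named in the 4.7 announcement."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True)
    cp.read_string(ini_text)
    proxy = cp["Proxy"] if cp.has_section("Proxy") else {}
    # Assumption: search every section, since the announcement does not say
    # which section IgnoreSignaledIPs belongs to.
    port_detection = any((cp[s].get("ignoresignaledips") or "").strip() == "1"
                         for s in cp.sections())
    findings = []
    if (proxy.get("legacyportdetection") or "").strip() == "1":
        findings.append("LegacyPortDetection=1: gatekeeper stays vulnerable "
                        "to RTP Bleed")
    restrict = (proxy.get("restrictrtpsources") or "").strip().lower()
    if restrict not in ("ip", "net"):
        why = " while port detection is enabled" if port_detection else ""
        findings.append("RestrictRTPSources is not set to IP or Net" + why)
    return findings

def rtp_source_allowed(mode, signal_ip, rtp_src_ip):
    """Model of the rule as the announcement words it (IPv4 only)."""
    sig = ipaddress.ip_address(signal_ip)
    src = ipaddress.ip_address(rtp_src_ip)
    if mode == "IP":       # same address as the call signaling
        return src == sig
    if mode == "Net":      # same class C (/24) network as the signaling
        return src in ipaddress.ip_network(f"{sig}/24", strict=False)
    return True            # switch unset: this setting restricts nothing

if __name__ == "__main__":
    for finding in audit_rtp_settings(SAMPLE_INI):
        print("FINDING:", finding)
    print(rtp_source_allowed("Net", "192.0.2.10", "192.0.2.200"))   # same /24
    print(rtp_source_allowed("Net", "192.0.2.10", "198.51.100.7"))  # other net
```

The Net case also shows why the announcement warns about broken calls: media arriving from a different /24 than the signaling is rejected even when it is legitimate.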