[h323plus] GNU Gatekeeper 4.7 has been released (security update)

Jan Willamowius jan at willamowius.de
Thu Sep 21 04:54:41 EDT 2017


GNU Gatekeeper version 4.7 has just been released.

This version is purely a security update and has no new features. All
users are encouraged to update; especially if you use port detection
(IgnoreSignaledIPs=1), you should update ASAP.

It has been discovered that GnuGk is vulnerable in some configurations
to RTP Bleed attacks (https://rtpbleed.com/). By updating to version
4.7 only the first packets in each media stream influence the media

To further secure your configuration, you can set


to only accept RTP from the same class C network that the call
signaling came from. Please beware that this may break a few valid calls
where this condition isn't met.

You can download the new version from

Please see the full change log below.

Changes from 4.6 to 4.7
- fixes for RTP Bleed
- new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP
  from the call signal IPs or the respective class C network
- new switch [Proxy] LegacyPortDetection=1 to keep port detection help
  for some very old and broken endpoints that will make your gatekeeper
  vulnerable to RTP Bleed attacks
- BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using
- BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs
- new command line option: now you can use -S instead of --strict (needed
  on BSD systems)

Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan at willamowius.de
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
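
As an added example (not part of the original announcement and not GnuGk code), the following Python check scans a gatekeeper configuration for the switches named in the message above and reports the ones it warns about. The sample configurations are constructed, and placing IgnoreSignaledIPs under [Proxy] in them is an assumption.

```python
# Added example: audit a GnuGk ini file for the RTP Bleed related switches
# named in the announcement. Not GnuGk code; the samples below are constructed.

def parse_ini(text):
    """Return {section: {key: value}}; a later duplicate key overrides an earlier one."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings for settings the announcement warns about."""
    cfg = parse_ini(text)
    proxy = cfg.get("Proxy", {})
    findings = []
    # The announcement does not name the section of IgnoreSignaledIPs,
    # so look for it in every section.
    port_detection = any(s.get("IgnoreSignaledIPs") == "1" for s in cfg.values())
    restrict = proxy.get("RestrictRTPSources", "")
    if proxy.get("LegacyPortDetection") == "1":
        findings.append("LegacyPortDetection=1 keeps the gatekeeper vulnerable to RTP Bleed")
    if restrict and restrict.lower() not in ("ip", "net"):
        findings.append(f"RestrictRTPSources={restrict}: the announcement lists IP or Net")
    elif port_detection and not restrict:
        findings.append("IgnoreSignaledIPs=1 without RestrictRTPSources: RTP is not "
                        "limited to the signaling IP or its class C network")
    return findings

# Constructed sample configurations (section placement is an assumption).
SAMPLE_RISKY = """
[Proxy]
IgnoreSignaledIPs=1
LegacyPortDetection=1
"""
SAMPLE_HARDENED = """
[Proxy]
IgnoreSignaledIPs=1
RestrictRTPSources=Net
; LegacyPortDetection=1
"""

if __name__ == "__main__":
    for name, sample in (("risky", SAMPLE_RISKY), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(sample) or "no findings")
```

A clean result only covers these configuration switches; the fix itself is the update to version 4.7.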
