| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Aug 2013 15:57:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2013:223 ] asterisk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:223 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : asterisk Date : August 30, 2013 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated asterisk packages fix security vulnerabilities: A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641). A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642 http://downloads.asterisk.org/pub/security/AST-2013-004.html http://downloads.asterisk.org/pub/security/AST-2013-005.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 8d6a5cea86fae9d2a712793389601841 mbs1/x86_64/asterisk-11.5.1-1.mbs1.x86_64.rpm 73e02e30167239a63676db49cbd2b927 mbs1/x86_64/asterisk-addons-11.5.1-1.mbs1.x86_64.rpm b6ef5db547893dcc6e1418a05576c272 mbs1/x86_64/asterisk-devel-11.5.1-1.mbs1.x86_64.rpm a53a92f45773124e809a9b49f6ae7e56 mbs1/x86_64/asterisk-firmware-11.5.1-1.mbs1.x86_64.rpm d3db6848b5e2d3c248660a2622f986a3 mbs1/x86_64/asterisk-gui-11.5.1-1.mbs1.x86_64.rpm 5de2bee926c384793f7459c5824c793a mbs1/x86_64/asterisk-plugins-alsa-11.5.1-1.mbs1.x86_64.rpm 777ac119b651950c079d91f89c4d0753 mbs1/x86_64/asterisk-plugins-calendar-11.5.1-1.mbs1.x86_64.rpm 2eb6cfe6e294de2a87029a232fe20cbe mbs1/x86_64/asterisk-plugins-cel-11.5.1-1.mbs1.x86_64.rpm eb84932a5490c14afe0be9b73a7caffb mbs1/x86_64/asterisk-plugins-corosync-11.5.1-1.mbs1.x86_64.rpm 392eedde1710ee72a049a5a272a27200 mbs1/x86_64/asterisk-plugins-curl-11.5.1-1.mbs1.x86_64.rpm 978673550d533947a524e350c7d2d3f2 mbs1/x86_64/asterisk-plugins-dahdi-11.5.1-1.mbs1.x86_64.rpm 537327e04dbb9601073c826fbf004411 mbs1/x86_64/asterisk-plugins-fax-11.5.1-1.mbs1.x86_64.rpm 5821d30e5ca8072e3cccbdcadc240802 mbs1/x86_64/asterisk-plugins-festival-11.5.1-1.mbs1.x86_64.rpm a4b54763013181e23cf87107ee67abff mbs1/x86_64/asterisk-plugins-ices-11.5.1-1.mbs1.x86_64.rpm bf33d9d761c740fa597ca525c419ab81 mbs1/x86_64/asterisk-plugins-jabber-11.5.1-1.mbs1.x86_64.rpm 07d060bd7155aa6491159f64f99cf87f mbs1/x86_64/asterisk-plugins-jack-11.5.1-1.mbs1.x86_64.rpm 2f7bccb5f7802aa7db8c1f9a2ca13048 mbs1/x86_64/asterisk-plugins-ldap-11.5.1-1.mbs1.x86_64.rpm 3d955f6ee9d6a4e0836d9a3199529e9e mbs1/x86_64/asterisk-plugins-lua-11.5.1-1.mbs1.x86_64.rpm d8cbd8af3d0417e354a5349044a21836 mbs1/x86_64/asterisk-plugins-minivm-11.5.1-1.mbs1.x86_64.rpm 73067fb2b9ae41989568be607798f46e mbs1/x86_64/asterisk-plugins-mobile-11.5.1-1.mbs1.x86_64.rpm 7feca150f48f24d088bfd753c722f51a mbs1/x86_64/asterisk-plugins-mp3-11.5.1-1.mbs1.x86_64.rpm f9063783181eeb8054e2e0ca0ed49443 mbs1/x86_64/asterisk-plugins-mysql-11.5.1-1.mbs1.x86_64.rpm 5b912c96bb44b39f1fc806c4ba27c019 mbs1/x86_64/asterisk-plugins-ooh323-11.5.1-1.mbs1.x86_64.rpm 9a9e353bb8091fbe0a013f21d4a80820 mbs1/x86_64/asterisk-plugins-osp-11.5.1-1.mbs1.x86_64.rpm f383a54fabf326eb5e3e90c2e91bf3b0 mbs1/x86_64/asterisk-plugins-oss-11.5.1-1.mbs1.x86_64.rpm 66e46e44eee2bb05b3213e159ea1530c mbs1/x86_64/asterisk-plugins-pgsql-11.5.1-1.mbs1.x86_64.rpm 0b71b7e01495e0b0afb046d73763fbb7 mbs1/x86_64/asterisk-plugins-pktccops-11.5.1-1.mbs1.x86_64.rpm 08188b435a6344ff7b06d7d7d60b4a14 mbs1/x86_64/asterisk-plugins-portaudio-11.5.1-1.mbs1.x86_64.rpm 1144017cc930f58d5200663239af8a14 mbs1/x86_64/asterisk-plugins-radius-11.5.1-1.mbs1.x86_64.rpm 6b9cd525004dcff842aa719b5bae4452 mbs1/x86_64/asterisk-plugins-saycountpl-11.5.1-1.mbs1.x86_64.rpm 4f5f10a87270007eb45ec16936f57c03 mbs1/x86_64/asterisk-plugins-skinny-11.5.1-1.mbs1.x86_64.rpm 947cdf0cdcd851af19e1c409b95a9b2a mbs1/x86_64/asterisk-plugins-snmp-11.5.1-1.mbs1.x86_64.rpm bb0cc29439b5b18b00eb8b592dd91c49 mbs1/x86_64/asterisk-plugins-speex-11.5.1-1.mbs1.x86_64.rpm 1a98ce112e3b6fe2fe20d0bd39783369 mbs1/x86_64/asterisk-plugins-sqlite-11.5.1-1.mbs1.x86_64.rpm 293996c64cfbce34a57da60031cce64d mbs1/x86_64/asterisk-plugins-tds-11.5.1-1.mbs1.x86_64.rpm 740eadfe63133ceb5ff6d6edf4589cd0 mbs1/x86_64/asterisk-plugins-unistim-11.5.1-1.mbs1.x86_64.rpm 97c6fc33d3148a86fe5f3f0401e53645 mbs1/x86_64/asterisk-plugins-voicemail-11.5.1-1.mbs1.x86_64.rpm 3c4b4ba0a19608100f2089242c19c279 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.5.1-1.mbs1.x86_64.rpm 90ac34a2f552e44097c7f54d414bd768 mbs1/x86_64/asterisk-plugins-voicemail-plain-11.5.1-1.mbs1.x86_64.rpm 2ed88fea8caa45abcb8aa31ef3bed941 mbs1/x86_64/lib64asteriskssl1-11.5.1-1.mbs1.x86_64.rpm 2599810cd469d529fc97a71ab5525836 mbs1/SRPMS/asterisk-11.5.1-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSIHqRmqjQ0CJFipgRAmZ1AKDuU5bzx0qzu3IEZ6Z6iNkXWLgcHQCfV4Bb D9cKtBYCnWXKwzb9rnWCGFM= =/HBp -----END PGP SIGNATURE-----
Powered by blists - more mailing lists