Message-Id: <E1Xrnd2-0001cZ-Dq@titan.mandriva.com>
Date: Fri, 21 Nov 2014 13:48:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2014:218 ] asterisk

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:218
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : November 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in asterisk:
 
 Remote crash when handling out of call message in certain dialplan
 configurations (CVE-2014-6610).
 
 Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566).
 
 Mixed IP address families in access control lists may permit unwanted
 traffic.
 
 High call load may result in hung channels in ConfBridge.
 
 Permission escalation through ConfBridge actions/dialplan functions.
 
 The updated packages have been upgraded to version 11.14.1, which
 is not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
 http://downloads.asterisk.org/pub/security/AST-2014-010.html
 http://downloads.asterisk.org/pub/security/AST-2014-011.html
 http://downloads.asterisk.org/pub/security/AST-2014-012.html
 http://downloads.asterisk.org/pub/security/AST-2014-014.html
 http://downloads.asterisk.org/pub/security/AST-2014-017.html
 http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.14.1-summary.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>