[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Ymdc8-0006ow-Pr@titan.mandriva.com>
Date: Mon, 27 Apr 2015 09:38:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:206 ] asterisk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : asterisk
Date : April 27, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated asterisk packages fix security vulnerability:
When Asterisk registers to a SIP TLS device and and verifies the
server, Asterisk will accept signed certificates that match a common
name other than the one Asterisk is expecting if the signed certificate
has a common name containing a null byte after the portion of the
common name that Asterisk expected (CVE-2015-3008).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
http://advisories.mageia.org/MGASA-2015-0153.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
b622a720acef1302469bd5fff078bf2e mbs1/x86_64/asterisk-11.17.1-1.mbs1.x86_64.rpm
32f3ead0079bae099452d98a4691f356 mbs1/x86_64/asterisk-addons-11.17.1-1.mbs1.x86_64.rpm
90e24e6c475e8c1154c9cbd82dd5e8e8 mbs1/x86_64/asterisk-devel-11.17.1-1.mbs1.x86_64.rpm
2d1c0ac11edc6c5ce2afb4063ac434cf mbs1/x86_64/asterisk-firmware-11.17.1-1.mbs1.x86_64.rpm
4849b9beec8006708ad5855f4bda264e mbs1/x86_64/asterisk-gui-11.17.1-1.mbs1.x86_64.rpm
4c75d77f3cb59c13f60138caf8156352 mbs1/x86_64/asterisk-plugins-alsa-11.17.1-1.mbs1.x86_64.rpm
0bd35fac194ecb10e3c1d482088a4097 mbs1/x86_64/asterisk-plugins-calendar-11.17.1-1.mbs1.x86_64.rpm
192c77c10296654712131a53cbd33cde mbs1/x86_64/asterisk-plugins-cel-11.17.1-1.mbs1.x86_64.rpm
ad6c52dd1a3d92ea3c164fe5f4c88d7b mbs1/x86_64/asterisk-plugins-corosync-11.17.1-1.mbs1.x86_64.rpm
f519addc0d656d249eba9b17f911244b mbs1/x86_64/asterisk-plugins-curl-11.17.1-1.mbs1.x86_64.rpm
2db55aa7dfcdb9fd3339a1c8cbb723ab mbs1/x86_64/asterisk-plugins-dahdi-11.17.1-1.mbs1.x86_64.rpm
e9fbe3134915cbaa87b8c8d6ede1b57d mbs1/x86_64/asterisk-plugins-fax-11.17.1-1.mbs1.x86_64.rpm
ced314823d11d497168e6931028500c9 mbs1/x86_64/asterisk-plugins-festival-11.17.1-1.mbs1.x86_64.rpm
f1e23eef46fb8301c6275f39cca861a1 mbs1/x86_64/asterisk-plugins-ices-11.17.1-1.mbs1.x86_64.rpm
76a7de2c6f37c36253fd0cfc2951e074 mbs1/x86_64/asterisk-plugins-jabber-11.17.1-1.mbs1.x86_64.rpm
faaaf393ce98c61d5e918241da1a61fc mbs1/x86_64/asterisk-plugins-jack-11.17.1-1.mbs1.x86_64.rpm
5a573a8de2f9088d10516139b8237bdb mbs1/x86_64/asterisk-plugins-ldap-11.17.1-1.mbs1.x86_64.rpm
0d5b1a2c39ce5297c3607cf28d00ead3 mbs1/x86_64/asterisk-plugins-lua-11.17.1-1.mbs1.x86_64.rpm
46d790164403a789519c046761f71626 mbs1/x86_64/asterisk-plugins-minivm-11.17.1-1.mbs1.x86_64.rpm
6009212f2869b027206ea239129b52e7 mbs1/x86_64/asterisk-plugins-mobile-11.17.1-1.mbs1.x86_64.rpm
1c47febb630ab5e5bed9201fbb1b5102 mbs1/x86_64/asterisk-plugins-mp3-11.17.1-1.mbs1.x86_64.rpm
3a7be951a05846f355c9f4694ed0cb53 mbs1/x86_64/asterisk-plugins-mysql-11.17.1-1.mbs1.x86_64.rpm
7d78157a89d61a1a6e90d0f40be35886 mbs1/x86_64/asterisk-plugins-ooh323-11.17.1-1.mbs1.x86_64.rpm
7da0f34159c6e8231987fb3561fbd470 mbs1/x86_64/asterisk-plugins-osp-11.17.1-1.mbs1.x86_64.rpm
ec06bbf55b66d5a2d87a453e739e2d18 mbs1/x86_64/asterisk-plugins-oss-11.17.1-1.mbs1.x86_64.rpm
cf44e06bc7b503c3723b780193058c3f mbs1/x86_64/asterisk-plugins-pgsql-11.17.1-1.mbs1.x86_64.rpm
107bfc1ff62b68c2be740d5b15a22017 mbs1/x86_64/asterisk-plugins-pktccops-11.17.1-1.mbs1.x86_64.rpm
4fe837416f637a1aee6fde6354992283 mbs1/x86_64/asterisk-plugins-portaudio-11.17.1-1.mbs1.x86_64.rpm
8b8ef562b9a312f4a75a1801beeb6770 mbs1/x86_64/asterisk-plugins-radius-11.17.1-1.mbs1.x86_64.rpm
7e872343fdab26745bb04c86e3a76a2f mbs1/x86_64/asterisk-plugins-saycountpl-11.17.1-1.mbs1.x86_64.rpm
ec94405ec2bbbb96518f9c9602de16cb mbs1/x86_64/asterisk-plugins-skinny-11.17.1-1.mbs1.x86_64.rpm
4a77b93657631f73d7626e5152359b9b mbs1/x86_64/asterisk-plugins-snmp-11.17.1-1.mbs1.x86_64.rpm
54be929e9a936f402098af8a0685697f mbs1/x86_64/asterisk-plugins-speex-11.17.1-1.mbs1.x86_64.rpm
38db51cce7a67dcb4707ed4bd545e6e5 mbs1/x86_64/asterisk-plugins-sqlite-11.17.1-1.mbs1.x86_64.rpm
25399ec97a84ceba4e8dcd16141f2c0a mbs1/x86_64/asterisk-plugins-tds-11.17.1-1.mbs1.x86_64.rpm
8f026b239dc37c2d274caa30e89fd9b1 mbs1/x86_64/asterisk-plugins-unistim-11.17.1-1.mbs1.x86_64.rpm
e3129548c8ffec6686a0dfcfa59aad25 mbs1/x86_64/asterisk-plugins-voicemail-11.17.1-1.mbs1.x86_64.rpm
ec8983601ea02f8120ce15211733dafa mbs1/x86_64/asterisk-plugins-voicemail-imap-11.17.1-1.mbs1.x86_64.rpm
b893a384ece6c9512c940dee2750617d mbs1/x86_64/asterisk-plugins-voicemail-plain-11.17.1-1.mbs1.x86_64.rpm
ec404cef5055da70019f0013b2724091 mbs1/x86_64/lib64asteriskssl1-11.17.1-1.mbs1.x86_64.rpm
3eab65f3e42f04794aa882f3a2c62779 mbs1/SRPMS/asterisk-11.17.1-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVPdlBmqjQ0CJFipgRAhRnAJ0WzixIi5UvTH8Cm3gCAVRN9Y9rTgCgh8ag
wfZFBXBaxjDiHo57IlOXga8=
=l4+z
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists