Message-Id: <E1Ymdc8-0006ow-Pr@titan.mandriva.com>
Date: Mon, 27 Apr 2015 09:38:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2015:206 ] asterisk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:206
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : April 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated asterisk packages fix a security vulnerability:
 
 When Asterisk registers to a SIP TLS device and verifies the
 server, Asterisk will accept signed certificates that match a common
 name other than the one Asterisk is expecting if the signed certificate
 has a common name containing a null byte after the portion of the
 common name that Asterisk expected (CVE-2015-3008).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
 http://advisories.mageia.org/MGASA-2015-0153.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVPdlBmqjQ0CJFipgRAhRnAJ0WzixIi5UvTH8Cm3gCAVRN9Y9rTgCgh8ag
wfZFBXBaxjDiHo57IlOXga8=
=l4+z
-----END PGP SIGNATURE-----
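
The common-name check described in the advisory, as an added C example that is not Asterisk's code and not part of the original message: a length-carrying certificate string compared as a C string next to a comparison that rejects embedded NUL bytes. The `cn_value` type, the function names and the sample names are assumptions made for illustration; wildcard and case-insensitive matching are left out.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Stand-in for a certificate name field: bytes plus an explicit length
 * (hypothetical type, not an OpenSSL or Asterisk structure). */
struct cn_value {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: the CN is treated as a C string, so the comparison
 * stops at the first NUL and everything after it is ignored. */
int cn_matches_cstring(const struct cn_value *cn, const char *expected)
{
    return strcmp((const char *)cn->data, expected) == 0;
}

/* Hardened pattern: reject embedded NULs, then compare the whole value. */
int cn_matches_strict(const struct cn_value *cn, const char *expected)
{
    size_t elen = strlen(expected);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                 /* embedded NUL: malformed name */
    if (cn->len != elen)
        return 0;                 /* lengths must agree exactly */
    return memcmp(cn->data, expected, elen) == 0;
}

/* Constructed sample values, not taken from any real certificate. */
static const unsigned char NUL_CN[]  = "sip.example.org\0.other.example";
static const unsigned char GOOD_CN[] = "sip.example.org";

struct cn_value sample_nul_cn(void)
{
    struct cn_value v = { NUL_CN, sizeof NUL_CN - 1 };
    return v;
}

struct cn_value sample_good_cn(void)
{
    struct cn_value v = { GOOD_CN, sizeof GOOD_CN - 1 };
    return v;
}

int main(void)
{
    struct cn_value nul = sample_nul_cn(), good = sample_good_cn();
    printf("cstring check, NUL CN: %d\n", cn_matches_cstring(&nul, "sip.example.org"));
    printf("strict check,  NUL CN: %d\n", cn_matches_strict(&nul, "sip.example.org"));
    printf("strict check, good CN: %d\n", cn_matches_strict(&good, "sip.example.org"));
    return 0;
}
```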
