lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1VFPC8-0004BB-EQ@titan.mandriva.com>
Date: Fri, 30 Aug 2013 15:57:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:223 ] asterisk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:223
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : August 30, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated asterisk packages fix security vulnerabilities:
 
 A remotely exploitable crash vulnerability exists in the SIP channel
 driver if an ACK with SDP is received after the channel has been
 terminated. The handling code incorrectly assumes that the channel
 will always be present (CVE-2013-5641).
 
 A remotely exploitable crash vulnerability exists in the SIP channel
 driver if an invalid SDP is sent in a SIP request that defines
 media descriptions before connection information. The handling code
 incorrectly attempts to reference the socket address information even
 though that information has not yet been set (CVE-2013-5642).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
 http://downloads.asterisk.org/pub/security/AST-2013-004.html
 http://downloads.asterisk.org/pub/security/AST-2013-005.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 8d6a5cea86fae9d2a712793389601841  mbs1/x86_64/asterisk-11.5.1-1.mbs1.x86_64.rpm
 73e02e30167239a63676db49cbd2b927  mbs1/x86_64/asterisk-addons-11.5.1-1.mbs1.x86_64.rpm
 b6ef5db547893dcc6e1418a05576c272  mbs1/x86_64/asterisk-devel-11.5.1-1.mbs1.x86_64.rpm
 a53a92f45773124e809a9b49f6ae7e56  mbs1/x86_64/asterisk-firmware-11.5.1-1.mbs1.x86_64.rpm
 d3db6848b5e2d3c248660a2622f986a3  mbs1/x86_64/asterisk-gui-11.5.1-1.mbs1.x86_64.rpm
 5de2bee926c384793f7459c5824c793a  mbs1/x86_64/asterisk-plugins-alsa-11.5.1-1.mbs1.x86_64.rpm
 777ac119b651950c079d91f89c4d0753  mbs1/x86_64/asterisk-plugins-calendar-11.5.1-1.mbs1.x86_64.rpm
 2eb6cfe6e294de2a87029a232fe20cbe  mbs1/x86_64/asterisk-plugins-cel-11.5.1-1.mbs1.x86_64.rpm
 eb84932a5490c14afe0be9b73a7caffb  mbs1/x86_64/asterisk-plugins-corosync-11.5.1-1.mbs1.x86_64.rpm
 392eedde1710ee72a049a5a272a27200  mbs1/x86_64/asterisk-plugins-curl-11.5.1-1.mbs1.x86_64.rpm
 978673550d533947a524e350c7d2d3f2  mbs1/x86_64/asterisk-plugins-dahdi-11.5.1-1.mbs1.x86_64.rpm
 537327e04dbb9601073c826fbf004411  mbs1/x86_64/asterisk-plugins-fax-11.5.1-1.mbs1.x86_64.rpm
 5821d30e5ca8072e3cccbdcadc240802  mbs1/x86_64/asterisk-plugins-festival-11.5.1-1.mbs1.x86_64.rpm
 a4b54763013181e23cf87107ee67abff  mbs1/x86_64/asterisk-plugins-ices-11.5.1-1.mbs1.x86_64.rpm
 bf33d9d761c740fa597ca525c419ab81  mbs1/x86_64/asterisk-plugins-jabber-11.5.1-1.mbs1.x86_64.rpm
 07d060bd7155aa6491159f64f99cf87f  mbs1/x86_64/asterisk-plugins-jack-11.5.1-1.mbs1.x86_64.rpm
 2f7bccb5f7802aa7db8c1f9a2ca13048  mbs1/x86_64/asterisk-plugins-ldap-11.5.1-1.mbs1.x86_64.rpm
 3d955f6ee9d6a4e0836d9a3199529e9e  mbs1/x86_64/asterisk-plugins-lua-11.5.1-1.mbs1.x86_64.rpm
 d8cbd8af3d0417e354a5349044a21836  mbs1/x86_64/asterisk-plugins-minivm-11.5.1-1.mbs1.x86_64.rpm
 73067fb2b9ae41989568be607798f46e  mbs1/x86_64/asterisk-plugins-mobile-11.5.1-1.mbs1.x86_64.rpm
 7feca150f48f24d088bfd753c722f51a  mbs1/x86_64/asterisk-plugins-mp3-11.5.1-1.mbs1.x86_64.rpm
 f9063783181eeb8054e2e0ca0ed49443  mbs1/x86_64/asterisk-plugins-mysql-11.5.1-1.mbs1.x86_64.rpm
 5b912c96bb44b39f1fc806c4ba27c019  mbs1/x86_64/asterisk-plugins-ooh323-11.5.1-1.mbs1.x86_64.rpm
 9a9e353bb8091fbe0a013f21d4a80820  mbs1/x86_64/asterisk-plugins-osp-11.5.1-1.mbs1.x86_64.rpm
 f383a54fabf326eb5e3e90c2e91bf3b0  mbs1/x86_64/asterisk-plugins-oss-11.5.1-1.mbs1.x86_64.rpm
 66e46e44eee2bb05b3213e159ea1530c  mbs1/x86_64/asterisk-plugins-pgsql-11.5.1-1.mbs1.x86_64.rpm
 0b71b7e01495e0b0afb046d73763fbb7  mbs1/x86_64/asterisk-plugins-pktccops-11.5.1-1.mbs1.x86_64.rpm
 08188b435a6344ff7b06d7d7d60b4a14  mbs1/x86_64/asterisk-plugins-portaudio-11.5.1-1.mbs1.x86_64.rpm
 1144017cc930f58d5200663239af8a14  mbs1/x86_64/asterisk-plugins-radius-11.5.1-1.mbs1.x86_64.rpm
 6b9cd525004dcff842aa719b5bae4452  mbs1/x86_64/asterisk-plugins-saycountpl-11.5.1-1.mbs1.x86_64.rpm
 4f5f10a87270007eb45ec16936f57c03  mbs1/x86_64/asterisk-plugins-skinny-11.5.1-1.mbs1.x86_64.rpm
 947cdf0cdcd851af19e1c409b95a9b2a  mbs1/x86_64/asterisk-plugins-snmp-11.5.1-1.mbs1.x86_64.rpm
 bb0cc29439b5b18b00eb8b592dd91c49  mbs1/x86_64/asterisk-plugins-speex-11.5.1-1.mbs1.x86_64.rpm
 1a98ce112e3b6fe2fe20d0bd39783369  mbs1/x86_64/asterisk-plugins-sqlite-11.5.1-1.mbs1.x86_64.rpm
 293996c64cfbce34a57da60031cce64d  mbs1/x86_64/asterisk-plugins-tds-11.5.1-1.mbs1.x86_64.rpm
 740eadfe63133ceb5ff6d6edf4589cd0  mbs1/x86_64/asterisk-plugins-unistim-11.5.1-1.mbs1.x86_64.rpm
 97c6fc33d3148a86fe5f3f0401e53645  mbs1/x86_64/asterisk-plugins-voicemail-11.5.1-1.mbs1.x86_64.rpm
 3c4b4ba0a19608100f2089242c19c279  mbs1/x86_64/asterisk-plugins-voicemail-imap-11.5.1-1.mbs1.x86_64.rpm
 90ac34a2f552e44097c7f54d414bd768  mbs1/x86_64/asterisk-plugins-voicemail-plain-11.5.1-1.mbs1.x86_64.rpm
 2ed88fea8caa45abcb8aa31ef3bed941  mbs1/x86_64/lib64asteriskssl1-11.5.1-1.mbs1.x86_64.rpm 
 2599810cd469d529fc97a71ab5525836  mbs1/SRPMS/asterisk-11.5.1-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSIHqRmqjQ0CJFipgRAmZ1AKDuU5bzx0qzu3IEZ6Z6iNkXWLgcHQCfV4Bb
D9cKtBYCnWXKwzb9rnWCGFM=
=/HBp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ