Message-Id: <E1Vv1Jg-0000P8-5e@titan.mandriva.com>
Date: Mon, 23 Dec 2013 09:56:45 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2013:300 ] asterisk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:300
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : December 22, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in asterisk:
 
 Buffer overflow in the unpacksms16 function in apps/app_sms.c in
 Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
 and 11.x before 11.2-cert3 allows remote attackers to cause a denial
 of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).
 
 The updated packages have been upgraded to the 11.7.0 version which
 resolves various upstream bugs and is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
 https://issues.asterisk.org/jira/browse/ASTERISK-22590
 http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStxvDmqjQ0CJFipgRApQbAJ0RCohXqEBU6WFm15z4QSn4kv1lNQCcCzKP
wSKh57L/hfYEaWr80+243nY=
=62Pj
-----END PGP SIGNATURE-----
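
Added example, not part of the Mandriva advisory: a small Python triage helper that classifies an Asterisk version string against the affected ranges the advisory lists for CVE-2013-7100. The function names, the flavour labels and the sample inventory are assumptions made for this example; the fixed-version numbers are the ones quoted in the problem description above.

```python
import re

# First fixed release per (flavour, branch), as listed in the advisory text.
FIXED = {
    ("open", "1.8"): "1.8.24.1",
    ("open", "10"): "10.12.4",
    ("open", "11"): "11.6.1",
    ("digiumphones", "10"): "10.12.4-digiumphones",
    ("certified", "1.8"): "1.8.15-cert4",
    ("certified", "11"): "11.2-cert3",
}

VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(?:cert(\d+)|(digiumphones)))?")


def parse(version):
    """Return (flavour, branch, sort_key) for a bare Asterisk version string."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        # Release candidates, betas and distro suffixes are rejected, not guessed.
        raise ValueError("unrecognised version string: %r" % version)
    nums = tuple(int(p) for p in m.group(1).split("."))
    if m.group(2) is not None:
        flavour, cert = "certified", int(m.group(2))
    elif m.group(3) is not None:
        flavour, cert = "digiumphones", 0
    else:
        flavour, cert = "open", 0
    # 1.8 is a branch of its own; later branches are named by the major number.
    branch = "1.8" if nums[:2] == (1, 8) else str(nums[0])
    return flavour, branch, (nums, cert)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not listed'."""
    flavour, branch, key = parse(version)
    fixed = FIXED.get((flavour, branch))
    if fixed is None:
        return "not listed"  # the advisory says nothing about this branch
    return "affected" if key < parse(fixed)[2] else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for v in ["11.7.0", "11.6.0", "1.8.24", "10.12.3-digiumphones", "11.2-cert2", "12.0.0"]:
        print(v, status(v))
```

A result of "not listed" means only that the advisory does not name that branch, not that the branch is known to be safe.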
