Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Asterisk
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Asterisk
ID: MDVSA-2014:138
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Sa, 12. Juli 2014, 12:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047
http://downloads.asterisk.org/pub/security/AST-2014-006.html
http://downloads.asterisk.org/pub/security/AST-2014-007.html
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.11.0-summary.html
Applikationen: Asterisk

Originalnachricht

This is a multi-part message in MIME format...

------------=_1405092450-14961-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:138
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : July 11, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in asterisk:

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and
Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated
Manager users to execute arbitrary shell commands via a MixMonitor
action (CVE-2014-4046).

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and
12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6
and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of
service (connection consumption) via a large number of (1) inactive or
(2) incomplete HTTP connections (CVE-2014-4047).

The updated packages has been upgraded to the 11.11.0 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047
http://downloads.asterisk.org/pub/security/AST-2014-006.html
http://downloads.asterisk.org/pub/security/AST-2014-007.html
asterisk-11.11.0-summary.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
e937dd2a5d9f6a67df27e4dd6454398f
mbs1/x86_64/asterisk-11.11.0-1.mbs1.x86_64.rpm
a85725b66368b25457533a4c3e877055
mbs1/x86_64/asterisk-addons-11.11.0-1.mbs1.x86_64.rpm
ffdc1c8d1f292326e777200506b29f94
mbs1/x86_64/asterisk-devel-11.11.0-1.mbs1.x86_64.rpm
1b4fe1e6f4cfc0405cd9f43bc942ed91
mbs1/x86_64/asterisk-firmware-11.11.0-1.mbs1.x86_64.rpm
f594da1396d28e51c6d784fb468f618a
mbs1/x86_64/asterisk-gui-11.11.0-1.mbs1.x86_64.rpm
171e3ff869f721589b7a48b0081c6afc
mbs1/x86_64/asterisk-plugins-alsa-11.11.0-1.mbs1.x86_64.rpm
1f48820459d336ae4dd483c2a6576227
mbs1/x86_64/asterisk-plugins-calendar-11.11.0-1.mbs1.x86_64.rpm
7b882ebbbc3417bf322b9234c623f781
mbs1/x86_64/asterisk-plugins-cel-11.11.0-1.mbs1.x86_64.rpm
d7ce1a6e8eba5895fb08803c372eb285
mbs1/x86_64/asterisk-plugins-corosync-11.11.0-1.mbs1.x86_64.rpm
c12c986e12a9ae1acefd1353f1c1c2da
mbs1/x86_64/asterisk-plugins-curl-11.11.0-1.mbs1.x86_64.rpm
9afd8b3c8eb7f5f8a0575b49e25cf6b8
mbs1/x86_64/asterisk-plugins-dahdi-11.11.0-1.mbs1.x86_64.rpm
945fbfc96c1c86eea0f6748e23793bdf
mbs1/x86_64/asterisk-plugins-fax-11.11.0-1.mbs1.x86_64.rpm
65be6c1cda3dcf1c5a6b2522a88ce61e
mbs1/x86_64/asterisk-plugins-festival-11.11.0-1.mbs1.x86_64.rpm
ca4d24b7d09bb0dd8f09fbd57c4e2e49
mbs1/x86_64/asterisk-plugins-ices-11.11.0-1.mbs1.x86_64.rpm
871cbd9c538462b999ea0ab4e706ecda
mbs1/x86_64/asterisk-plugins-jabber-11.11.0-1.mbs1.x86_64.rpm
1c267d79e68ec6e6a446088dc213721b
mbs1/x86_64/asterisk-plugins-jack-11.11.0-1.mbs1.x86_64.rpm
3a67da30600e5d3990b78160e067160f
mbs1/x86_64/asterisk-plugins-ldap-11.11.0-1.mbs1.x86_64.rpm
12cd5d29582b4b876136a1cfa61002c6
mbs1/x86_64/asterisk-plugins-lua-11.11.0-1.mbs1.x86_64.rpm
15c973274e70c0fe71e56d92b43f8f71
mbs1/x86_64/asterisk-plugins-minivm-11.11.0-1.mbs1.x86_64.rpm
a83fcc142030a10ff5c4bb88cb105214
mbs1/x86_64/asterisk-plugins-mobile-11.11.0-1.mbs1.x86_64.rpm
a72a75d828dbfca4eeedb7435bdc63e6
mbs1/x86_64/asterisk-plugins-mp3-11.11.0-1.mbs1.x86_64.rpm
d96a752e43350807ac4ff68b7466502c
mbs1/x86_64/asterisk-plugins-mysql-11.11.0-1.mbs1.x86_64.rpm
4879f8e873b4ac4e422edc659cabadd3
mbs1/x86_64/asterisk-plugins-ooh323-11.11.0-1.mbs1.x86_64.rpm
2a92bc419c61f00040c318d237145cf1
mbs1/x86_64/asterisk-plugins-osp-11.11.0-1.mbs1.x86_64.rpm
856119d1c534646d70bada4e47a3bbdb
mbs1/x86_64/asterisk-plugins-oss-11.11.0-1.mbs1.x86_64.rpm
e30513f32093f40e53cc4cddc4b5d3ad
mbs1/x86_64/asterisk-plugins-pgsql-11.11.0-1.mbs1.x86_64.rpm
8474c401e4a99e2ec78fed586ea29df7
mbs1/x86_64/asterisk-plugins-pktccops-11.11.0-1.mbs1.x86_64.rpm
e81f8d782fc2b8b5cc46af2f74fc0f22
mbs1/x86_64/asterisk-plugins-portaudio-11.11.0-1.mbs1.x86_64.rpm
e0b4ec334a8d767854491a3c60b45f6f
mbs1/x86_64/asterisk-plugins-radius-11.11.0-1.mbs1.x86_64.rpm
617c199316459e7cbda7967f08216672
mbs1/x86_64/asterisk-plugins-saycountpl-11.11.0-1.mbs1.x86_64.rpm
dde610fd41678c059933ccb323a250cd
mbs1/x86_64/asterisk-plugins-skinny-11.11.0-1.mbs1.x86_64.rpm
d4f765ec860ebdf55dbb518efd2b845c
mbs1/x86_64/asterisk-plugins-snmp-11.11.0-1.mbs1.x86_64.rpm
e31ed77900b96e46f9c2a42f0513187b
mbs1/x86_64/asterisk-plugins-speex-11.11.0-1.mbs1.x86_64.rpm
3fdbeb88ba4e98996da0c9d81ebea36b
mbs1/x86_64/asterisk-plugins-sqlite-11.11.0-1.mbs1.x86_64.rpm
350710fb047822f4c324b5ea59e8d739
mbs1/x86_64/asterisk-plugins-tds-11.11.0-1.mbs1.x86_64.rpm
81dcd84e21f072233117a229ea3bc562
mbs1/x86_64/asterisk-plugins-unistim-11.11.0-1.mbs1.x86_64.rpm
2b101c552b57f690a446df8113390704
mbs1/x86_64/asterisk-plugins-voicemail-11.11.0-1.mbs1.x86_64.rpm
dd8c065364100baf3b96e934e20bfefc
mbs1/x86_64/asterisk-plugins-voicemail-imap-11.11.0-1.mbs1.x86_64.rpm
85f0f40e43c629c88a29ccdd20c71b38
mbs1/x86_64/asterisk-plugins-voicemail-plain-11.11.0-1.mbs1.x86_64.rpm
e9ae8fa821f0eeacf8eb22e2930a2ac3
mbs1/x86_64/lib64asteriskssl1-11.11.0-1.mbs1.x86_64.rpm
9a59a28dedab183fc986073f01f1349f mbs1/SRPMS/asterisk-11.11.0-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTwADlmqjQ0CJFipgRAua2AKDf0+x4jdGeFbFSm4nbib2x47rXNQCgt4fX
I2hW2Up5RkUxYP2NaWrHvXc=
=oJ2k
-----END PGP SIGNATURE-----


------------=_1405092450-14961-2
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1405092450-14961-2--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung