Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Zertifikaten in Asterisk
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in Asterisk
ID: MDVSA-2015:206
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Mo, 27. April 2015, 11:04
Referenzen: http://advisories.mageia.org/MGASA-2015-0153.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008

Originalnachricht

This is a multi-part message in MIME format...

------------=_1430120383-14093-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : April 27, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated asterisk packages fix security vulnerability:

When Asterisk registers to a SIP TLS device and and verifies the
server, Asterisk will accept signed certificates that match a common
name other than the one Asterisk is expecting if the signed certificate
has a common name containing a null byte after the portion of the
common name that Asterisk expected (CVE-2015-3008).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
http://advisories.mageia.org/MGASA-2015-0153.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
b622a720acef1302469bd5fff078bf2e
mbs1/x86_64/asterisk-11.17.1-1.mbs1.x86_64.rpm
32f3ead0079bae099452d98a4691f356
mbs1/x86_64/asterisk-addons-11.17.1-1.mbs1.x86_64.rpm
90e24e6c475e8c1154c9cbd82dd5e8e8
mbs1/x86_64/asterisk-devel-11.17.1-1.mbs1.x86_64.rpm
2d1c0ac11edc6c5ce2afb4063ac434cf
mbs1/x86_64/asterisk-firmware-11.17.1-1.mbs1.x86_64.rpm
4849b9beec8006708ad5855f4bda264e
mbs1/x86_64/asterisk-gui-11.17.1-1.mbs1.x86_64.rpm
4c75d77f3cb59c13f60138caf8156352
mbs1/x86_64/asterisk-plugins-alsa-11.17.1-1.mbs1.x86_64.rpm
0bd35fac194ecb10e3c1d482088a4097
mbs1/x86_64/asterisk-plugins-calendar-11.17.1-1.mbs1.x86_64.rpm
192c77c10296654712131a53cbd33cde
mbs1/x86_64/asterisk-plugins-cel-11.17.1-1.mbs1.x86_64.rpm
ad6c52dd1a3d92ea3c164fe5f4c88d7b
mbs1/x86_64/asterisk-plugins-corosync-11.17.1-1.mbs1.x86_64.rpm
f519addc0d656d249eba9b17f911244b
mbs1/x86_64/asterisk-plugins-curl-11.17.1-1.mbs1.x86_64.rpm
2db55aa7dfcdb9fd3339a1c8cbb723ab
mbs1/x86_64/asterisk-plugins-dahdi-11.17.1-1.mbs1.x86_64.rpm
e9fbe3134915cbaa87b8c8d6ede1b57d
mbs1/x86_64/asterisk-plugins-fax-11.17.1-1.mbs1.x86_64.rpm
ced314823d11d497168e6931028500c9
mbs1/x86_64/asterisk-plugins-festival-11.17.1-1.mbs1.x86_64.rpm
f1e23eef46fb8301c6275f39cca861a1
mbs1/x86_64/asterisk-plugins-ices-11.17.1-1.mbs1.x86_64.rpm
76a7de2c6f37c36253fd0cfc2951e074
mbs1/x86_64/asterisk-plugins-jabber-11.17.1-1.mbs1.x86_64.rpm
faaaf393ce98c61d5e918241da1a61fc
mbs1/x86_64/asterisk-plugins-jack-11.17.1-1.mbs1.x86_64.rpm
5a573a8de2f9088d10516139b8237bdb
mbs1/x86_64/asterisk-plugins-ldap-11.17.1-1.mbs1.x86_64.rpm
0d5b1a2c39ce5297c3607cf28d00ead3
mbs1/x86_64/asterisk-plugins-lua-11.17.1-1.mbs1.x86_64.rpm
46d790164403a789519c046761f71626
mbs1/x86_64/asterisk-plugins-minivm-11.17.1-1.mbs1.x86_64.rpm
6009212f2869b027206ea239129b52e7
mbs1/x86_64/asterisk-plugins-mobile-11.17.1-1.mbs1.x86_64.rpm
1c47febb630ab5e5bed9201fbb1b5102
mbs1/x86_64/asterisk-plugins-mp3-11.17.1-1.mbs1.x86_64.rpm
3a7be951a05846f355c9f4694ed0cb53
mbs1/x86_64/asterisk-plugins-mysql-11.17.1-1.mbs1.x86_64.rpm
7d78157a89d61a1a6e90d0f40be35886
mbs1/x86_64/asterisk-plugins-ooh323-11.17.1-1.mbs1.x86_64.rpm
7da0f34159c6e8231987fb3561fbd470
mbs1/x86_64/asterisk-plugins-osp-11.17.1-1.mbs1.x86_64.rpm
ec06bbf55b66d5a2d87a453e739e2d18
mbs1/x86_64/asterisk-plugins-oss-11.17.1-1.mbs1.x86_64.rpm
cf44e06bc7b503c3723b780193058c3f
mbs1/x86_64/asterisk-plugins-pgsql-11.17.1-1.mbs1.x86_64.rpm
107bfc1ff62b68c2be740d5b15a22017
mbs1/x86_64/asterisk-plugins-pktccops-11.17.1-1.mbs1.x86_64.rpm
4fe837416f637a1aee6fde6354992283
mbs1/x86_64/asterisk-plugins-portaudio-11.17.1-1.mbs1.x86_64.rpm
8b8ef562b9a312f4a75a1801beeb6770
mbs1/x86_64/asterisk-plugins-radius-11.17.1-1.mbs1.x86_64.rpm
7e872343fdab26745bb04c86e3a76a2f
mbs1/x86_64/asterisk-plugins-saycountpl-11.17.1-1.mbs1.x86_64.rpm
ec94405ec2bbbb96518f9c9602de16cb
mbs1/x86_64/asterisk-plugins-skinny-11.17.1-1.mbs1.x86_64.rpm
4a77b93657631f73d7626e5152359b9b
mbs1/x86_64/asterisk-plugins-snmp-11.17.1-1.mbs1.x86_64.rpm
54be929e9a936f402098af8a0685697f
mbs1/x86_64/asterisk-plugins-speex-11.17.1-1.mbs1.x86_64.rpm
38db51cce7a67dcb4707ed4bd545e6e5
mbs1/x86_64/asterisk-plugins-sqlite-11.17.1-1.mbs1.x86_64.rpm
25399ec97a84ceba4e8dcd16141f2c0a
mbs1/x86_64/asterisk-plugins-tds-11.17.1-1.mbs1.x86_64.rpm
8f026b239dc37c2d274caa30e89fd9b1
mbs1/x86_64/asterisk-plugins-unistim-11.17.1-1.mbs1.x86_64.rpm
e3129548c8ffec6686a0dfcfa59aad25
mbs1/x86_64/asterisk-plugins-voicemail-11.17.1-1.mbs1.x86_64.rpm
ec8983601ea02f8120ce15211733dafa
mbs1/x86_64/asterisk-plugins-voicemail-imap-11.17.1-1.mbs1.x86_64.rpm
b893a384ece6c9512c940dee2750617d
mbs1/x86_64/asterisk-plugins-voicemail-plain-11.17.1-1.mbs1.x86_64.rpm
ec404cef5055da70019f0013b2724091
mbs1/x86_64/lib64asteriskssl1-11.17.1-1.mbs1.x86_64.rpm
3eab65f3e42f04794aa882f3a2c62779 mbs1/SRPMS/asterisk-11.17.1-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVPdlBmqjQ0CJFipgRAhRnAJ0WzixIi5UvTH8Cm3gCAVRN9Y9rTgCgh8ag
wfZFBXBaxjDiHo57IlOXga8=
=l4+z
-----END PGP SIGNATURE-----


------------=_1430120383-14093-2
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1430120383-14093-2--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung