Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Zertifikaten in Asterisk
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in Asterisk
ID: MDVSA-2015:206
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Mo, 27. April 2015, 11:04
Referenzen: http://advisories.mageia.org/MGASA-2015-0153.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
Applikationen: Asterisk

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1430120383-14093-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:206
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : April 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated asterisk packages fix security vulnerability:
 
 When Asterisk registers to a SIP TLS device and and verifies the
 server, Asterisk will accept signed certificates that match a common
 name other than the one Asterisk is expecting if the signed certificate
 has a common name containing a null byte after the portion of the
 common name that Asterisk expected (CVE-2015-3008).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008
 http://advisories.mageia.org/MGASA-2015-0153.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 b622a720acef1302469bd5fff078bf2e 
 mbs1/x86_64/asterisk-11.17.1-1.mbs1.x86_64.rpm
 32f3ead0079bae099452d98a4691f356 
 mbs1/x86_64/asterisk-addons-11.17.1-1.mbs1.x86_64.rpm
 90e24e6c475e8c1154c9cbd82dd5e8e8 
 mbs1/x86_64/asterisk-devel-11.17.1-1.mbs1.x86_64.rpm
 2d1c0ac11edc6c5ce2afb4063ac434cf 
 mbs1/x86_64/asterisk-firmware-11.17.1-1.mbs1.x86_64.rpm
 4849b9beec8006708ad5855f4bda264e 
 mbs1/x86_64/asterisk-gui-11.17.1-1.mbs1.x86_64.rpm
 4c75d77f3cb59c13f60138caf8156352 
 mbs1/x86_64/asterisk-plugins-alsa-11.17.1-1.mbs1.x86_64.rpm
 0bd35fac194ecb10e3c1d482088a4097 
 mbs1/x86_64/asterisk-plugins-calendar-11.17.1-1.mbs1.x86_64.rpm
 192c77c10296654712131a53cbd33cde 
 mbs1/x86_64/asterisk-plugins-cel-11.17.1-1.mbs1.x86_64.rpm
 ad6c52dd1a3d92ea3c164fe5f4c88d7b 
 mbs1/x86_64/asterisk-plugins-corosync-11.17.1-1.mbs1.x86_64.rpm
 f519addc0d656d249eba9b17f911244b 
 mbs1/x86_64/asterisk-plugins-curl-11.17.1-1.mbs1.x86_64.rpm
 2db55aa7dfcdb9fd3339a1c8cbb723ab 
 mbs1/x86_64/asterisk-plugins-dahdi-11.17.1-1.mbs1.x86_64.rpm
 e9fbe3134915cbaa87b8c8d6ede1b57d 
 mbs1/x86_64/asterisk-plugins-fax-11.17.1-1.mbs1.x86_64.rpm
 ced314823d11d497168e6931028500c9 
 mbs1/x86_64/asterisk-plugins-festival-11.17.1-1.mbs1.x86_64.rpm
 f1e23eef46fb8301c6275f39cca861a1 
 mbs1/x86_64/asterisk-plugins-ices-11.17.1-1.mbs1.x86_64.rpm
 76a7de2c6f37c36253fd0cfc2951e074 
 mbs1/x86_64/asterisk-plugins-jabber-11.17.1-1.mbs1.x86_64.rpm
 faaaf393ce98c61d5e918241da1a61fc 
 mbs1/x86_64/asterisk-plugins-jack-11.17.1-1.mbs1.x86_64.rpm
 5a573a8de2f9088d10516139b8237bdb 
 mbs1/x86_64/asterisk-plugins-ldap-11.17.1-1.mbs1.x86_64.rpm
 0d5b1a2c39ce5297c3607cf28d00ead3 
 mbs1/x86_64/asterisk-plugins-lua-11.17.1-1.mbs1.x86_64.rpm
 46d790164403a789519c046761f71626 
 mbs1/x86_64/asterisk-plugins-minivm-11.17.1-1.mbs1.x86_64.rpm
 6009212f2869b027206ea239129b52e7 
 mbs1/x86_64/asterisk-plugins-mobile-11.17.1-1.mbs1.x86_64.rpm
 1c47febb630ab5e5bed9201fbb1b5102 
 mbs1/x86_64/asterisk-plugins-mp3-11.17.1-1.mbs1.x86_64.rpm
 3a7be951a05846f355c9f4694ed0cb53 
 mbs1/x86_64/asterisk-plugins-mysql-11.17.1-1.mbs1.x86_64.rpm
 7d78157a89d61a1a6e90d0f40be35886 
 mbs1/x86_64/asterisk-plugins-ooh323-11.17.1-1.mbs1.x86_64.rpm
 7da0f34159c6e8231987fb3561fbd470 
 mbs1/x86_64/asterisk-plugins-osp-11.17.1-1.mbs1.x86_64.rpm
 ec06bbf55b66d5a2d87a453e739e2d18 
 mbs1/x86_64/asterisk-plugins-oss-11.17.1-1.mbs1.x86_64.rpm
 cf44e06bc7b503c3723b780193058c3f 
 mbs1/x86_64/asterisk-plugins-pgsql-11.17.1-1.mbs1.x86_64.rpm
 107bfc1ff62b68c2be740d5b15a22017 
 mbs1/x86_64/asterisk-plugins-pktccops-11.17.1-1.mbs1.x86_64.rpm
 4fe837416f637a1aee6fde6354992283 
 mbs1/x86_64/asterisk-plugins-portaudio-11.17.1-1.mbs1.x86_64.rpm
 8b8ef562b9a312f4a75a1801beeb6770 
 mbs1/x86_64/asterisk-plugins-radius-11.17.1-1.mbs1.x86_64.rpm
 7e872343fdab26745bb04c86e3a76a2f 
 mbs1/x86_64/asterisk-plugins-saycountpl-11.17.1-1.mbs1.x86_64.rpm
 ec94405ec2bbbb96518f9c9602de16cb 
 mbs1/x86_64/asterisk-plugins-skinny-11.17.1-1.mbs1.x86_64.rpm
 4a77b93657631f73d7626e5152359b9b 
 mbs1/x86_64/asterisk-plugins-snmp-11.17.1-1.mbs1.x86_64.rpm
 54be929e9a936f402098af8a0685697f 
 mbs1/x86_64/asterisk-plugins-speex-11.17.1-1.mbs1.x86_64.rpm
 38db51cce7a67dcb4707ed4bd545e6e5 
 mbs1/x86_64/asterisk-plugins-sqlite-11.17.1-1.mbs1.x86_64.rpm
 25399ec97a84ceba4e8dcd16141f2c0a 
 mbs1/x86_64/asterisk-plugins-tds-11.17.1-1.mbs1.x86_64.rpm
 8f026b239dc37c2d274caa30e89fd9b1 
 mbs1/x86_64/asterisk-plugins-unistim-11.17.1-1.mbs1.x86_64.rpm
 e3129548c8ffec6686a0dfcfa59aad25 
 mbs1/x86_64/asterisk-plugins-voicemail-11.17.1-1.mbs1.x86_64.rpm
 ec8983601ea02f8120ce15211733dafa 
 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.17.1-1.mbs1.x86_64.rpm
 b893a384ece6c9512c940dee2750617d 
 mbs1/x86_64/asterisk-plugins-voicemail-plain-11.17.1-1.mbs1.x86_64.rpm
 ec404cef5055da70019f0013b2724091 
 mbs1/x86_64/lib64asteriskssl1-11.17.1-1.mbs1.x86_64.rpm 
 3eab65f3e42f04794aa882f3a2c62779  mbs1/SRPMS/asterisk-11.17.1-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVPdlBmqjQ0CJFipgRAhRnAJ0WzixIi5UvTH8Cm3gCAVRN9Y9rTgCgh8ag
wfZFBXBaxjDiHo57IlOXga8=
=l4+z
-----END PGP SIGNATURE-----


------------=_1430120383-14093-2
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1430120383-14093-2--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung