Login
Newsletter
Werbung

Sicherheit: Denial of Service in Asterisk
Aktuelle Meldungen Distributionen
Name: Denial of Service in Asterisk
ID: MDVSA-2013:223
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Fr, 30. August 2013, 23:57
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html
Applikationen: Asterisk

Originalnachricht

This is a multi-part message in MIME format...

------------=_1377871264-3002-33

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : August 30, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated asterisk packages fix security vulnerabilities:

A remotely exploitable crash vulnerability exists in the SIP channel
driver if an ACK with SDP is received after the channel has been
terminated. The handling code incorrectly assumes that the channel
will always be present (CVE-2013-5641).

A remotely exploitable crash vulnerability exists in the SIP channel
driver if an invalid SDP is sent in a SIP request that defines
media descriptions before connection information. The handling code
incorrectly attempts to reference the socket address information even
though that information has not yet been set (CVE-2013-5642).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
8d6a5cea86fae9d2a712793389601841
mbs1/x86_64/asterisk-11.5.1-1.mbs1.x86_64.rpm
73e02e30167239a63676db49cbd2b927
mbs1/x86_64/asterisk-addons-11.5.1-1.mbs1.x86_64.rpm
b6ef5db547893dcc6e1418a05576c272
mbs1/x86_64/asterisk-devel-11.5.1-1.mbs1.x86_64.rpm
a53a92f45773124e809a9b49f6ae7e56
mbs1/x86_64/asterisk-firmware-11.5.1-1.mbs1.x86_64.rpm
d3db6848b5e2d3c248660a2622f986a3
mbs1/x86_64/asterisk-gui-11.5.1-1.mbs1.x86_64.rpm
5de2bee926c384793f7459c5824c793a
mbs1/x86_64/asterisk-plugins-alsa-11.5.1-1.mbs1.x86_64.rpm
777ac119b651950c079d91f89c4d0753
mbs1/x86_64/asterisk-plugins-calendar-11.5.1-1.mbs1.x86_64.rpm
2eb6cfe6e294de2a87029a232fe20cbe
mbs1/x86_64/asterisk-plugins-cel-11.5.1-1.mbs1.x86_64.rpm
eb84932a5490c14afe0be9b73a7caffb
mbs1/x86_64/asterisk-plugins-corosync-11.5.1-1.mbs1.x86_64.rpm
392eedde1710ee72a049a5a272a27200
mbs1/x86_64/asterisk-plugins-curl-11.5.1-1.mbs1.x86_64.rpm
978673550d533947a524e350c7d2d3f2
mbs1/x86_64/asterisk-plugins-dahdi-11.5.1-1.mbs1.x86_64.rpm
537327e04dbb9601073c826fbf004411
mbs1/x86_64/asterisk-plugins-fax-11.5.1-1.mbs1.x86_64.rpm
5821d30e5ca8072e3cccbdcadc240802
mbs1/x86_64/asterisk-plugins-festival-11.5.1-1.mbs1.x86_64.rpm
a4b54763013181e23cf87107ee67abff
mbs1/x86_64/asterisk-plugins-ices-11.5.1-1.mbs1.x86_64.rpm
bf33d9d761c740fa597ca525c419ab81
mbs1/x86_64/asterisk-plugins-jabber-11.5.1-1.mbs1.x86_64.rpm
07d060bd7155aa6491159f64f99cf87f
mbs1/x86_64/asterisk-plugins-jack-11.5.1-1.mbs1.x86_64.rpm
2f7bccb5f7802aa7db8c1f9a2ca13048
mbs1/x86_64/asterisk-plugins-ldap-11.5.1-1.mbs1.x86_64.rpm
3d955f6ee9d6a4e0836d9a3199529e9e
mbs1/x86_64/asterisk-plugins-lua-11.5.1-1.mbs1.x86_64.rpm
d8cbd8af3d0417e354a5349044a21836
mbs1/x86_64/asterisk-plugins-minivm-11.5.1-1.mbs1.x86_64.rpm
73067fb2b9ae41989568be607798f46e
mbs1/x86_64/asterisk-plugins-mobile-11.5.1-1.mbs1.x86_64.rpm
7feca150f48f24d088bfd753c722f51a
mbs1/x86_64/asterisk-plugins-mp3-11.5.1-1.mbs1.x86_64.rpm
f9063783181eeb8054e2e0ca0ed49443
mbs1/x86_64/asterisk-plugins-mysql-11.5.1-1.mbs1.x86_64.rpm
5b912c96bb44b39f1fc806c4ba27c019
mbs1/x86_64/asterisk-plugins-ooh323-11.5.1-1.mbs1.x86_64.rpm
9a9e353bb8091fbe0a013f21d4a80820
mbs1/x86_64/asterisk-plugins-osp-11.5.1-1.mbs1.x86_64.rpm
f383a54fabf326eb5e3e90c2e91bf3b0
mbs1/x86_64/asterisk-plugins-oss-11.5.1-1.mbs1.x86_64.rpm
66e46e44eee2bb05b3213e159ea1530c
mbs1/x86_64/asterisk-plugins-pgsql-11.5.1-1.mbs1.x86_64.rpm
0b71b7e01495e0b0afb046d73763fbb7
mbs1/x86_64/asterisk-plugins-pktccops-11.5.1-1.mbs1.x86_64.rpm
08188b435a6344ff7b06d7d7d60b4a14
mbs1/x86_64/asterisk-plugins-portaudio-11.5.1-1.mbs1.x86_64.rpm
1144017cc930f58d5200663239af8a14
mbs1/x86_64/asterisk-plugins-radius-11.5.1-1.mbs1.x86_64.rpm
6b9cd525004dcff842aa719b5bae4452
mbs1/x86_64/asterisk-plugins-saycountpl-11.5.1-1.mbs1.x86_64.rpm
4f5f10a87270007eb45ec16936f57c03
mbs1/x86_64/asterisk-plugins-skinny-11.5.1-1.mbs1.x86_64.rpm
947cdf0cdcd851af19e1c409b95a9b2a
mbs1/x86_64/asterisk-plugins-snmp-11.5.1-1.mbs1.x86_64.rpm
bb0cc29439b5b18b00eb8b592dd91c49
mbs1/x86_64/asterisk-plugins-speex-11.5.1-1.mbs1.x86_64.rpm
1a98ce112e3b6fe2fe20d0bd39783369
mbs1/x86_64/asterisk-plugins-sqlite-11.5.1-1.mbs1.x86_64.rpm
293996c64cfbce34a57da60031cce64d
mbs1/x86_64/asterisk-plugins-tds-11.5.1-1.mbs1.x86_64.rpm
740eadfe63133ceb5ff6d6edf4589cd0
mbs1/x86_64/asterisk-plugins-unistim-11.5.1-1.mbs1.x86_64.rpm
97c6fc33d3148a86fe5f3f0401e53645
mbs1/x86_64/asterisk-plugins-voicemail-11.5.1-1.mbs1.x86_64.rpm
3c4b4ba0a19608100f2089242c19c279
mbs1/x86_64/asterisk-plugins-voicemail-imap-11.5.1-1.mbs1.x86_64.rpm
90ac34a2f552e44097c7f54d414bd768
mbs1/x86_64/asterisk-plugins-voicemail-plain-11.5.1-1.mbs1.x86_64.rpm
2ed88fea8caa45abcb8aa31ef3bed941
mbs1/x86_64/lib64asteriskssl1-11.5.1-1.mbs1.x86_64.rpm
2599810cd469d529fc97a71ab5525836 mbs1/SRPMS/asterisk-11.5.1-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSIHqRmqjQ0CJFipgRAmZ1AKDuU5bzx0qzu3IEZ6Z6iNkXWLgcHQCfV4Bb
D9cKtBYCnWXKwzb9rnWCGFM=
=/HBp
-----END PGP SIGNATURE-----


------------=_1377871264-3002-33
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1377871264-3002-33--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung