Sicherheit: Mehrere Probleme in Asterisk

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1416574273-28973-0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:218
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in asterisk:

Remote crash when handling out of call message in certain dialplan
configurations (CVE-2014-6610).

Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566).

Mixed IP address families in access control lists may permit unwanted
traffic.

High call load may result in hung channels in ConfBridge.

Permission escalation through ConfBridge actions/dialplan functions.

The updated packages has been upgraded to the 11.14.1 version which
is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://downloads.asterisk.org/pub/security/AST-2014-010.html
http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://downloads.asterisk.org/pub/security/AST-2014-012.html
http://downloads.asterisk.org/pub/security/AST-2014-014.html
http://downloads.asterisk.org/pub/security/AST-2014-017.html
asterisk-11.14.1-summary.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
c51cb6ffff59bffd642bb902ca8162f1
mbs1/x86_64/asterisk-11.14.1-1.mbs1.x86_64.rpm
c0f85969b4d756688494358697f005c9
mbs1/x86_64/asterisk-addons-11.14.1-1.mbs1.x86_64.rpm
31713ecdd6b61071fb61b42cd787701f
mbs1/x86_64/asterisk-devel-11.14.1-1.mbs1.x86_64.rpm
162e4350a312c6e090fb75194d53884d
mbs1/x86_64/asterisk-firmware-11.14.1-1.mbs1.x86_64.rpm
17e181231c0d38df044ca55e7854b51d
mbs1/x86_64/asterisk-gui-11.14.1-1.mbs1.x86_64.rpm
18c8ece7a7f60c803a7c861a65098911
mbs1/x86_64/asterisk-plugins-alsa-11.14.1-1.mbs1.x86_64.rpm
ec473426a8f58b4a3cc29d10ead4d8f6
mbs1/x86_64/asterisk-plugins-calendar-11.14.1-1.mbs1.x86_64.rpm
24e8d37e023ac50d108aec12b5046265
mbs1/x86_64/asterisk-plugins-cel-11.14.1-1.mbs1.x86_64.rpm
8968cf4e2893e81c6548374a35bd99ac
mbs1/x86_64/asterisk-plugins-corosync-11.14.1-1.mbs1.x86_64.rpm
76c6d4296d0302077875ed7f5231b2cd
mbs1/x86_64/asterisk-plugins-curl-11.14.1-1.mbs1.x86_64.rpm
fdb776323a732bf1f5d74577d1d50016
mbs1/x86_64/asterisk-plugins-dahdi-11.14.1-1.mbs1.x86_64.rpm
ac14dbc670119059cd90876c25f8d927
mbs1/x86_64/asterisk-plugins-fax-11.14.1-1.mbs1.x86_64.rpm
aa4b1e716dda92a07d1ab86924bf30f7
mbs1/x86_64/asterisk-plugins-festival-11.14.1-1.mbs1.x86_64.rpm
320c9d15d38382dba12e1fa050d23b92
mbs1/x86_64/asterisk-plugins-ices-11.14.1-1.mbs1.x86_64.rpm
1e23348126a183856b0869dc4d8d308e
mbs1/x86_64/asterisk-plugins-jabber-11.14.1-1.mbs1.x86_64.rpm
66551930b10eb068b0fdcf8c0823651d
mbs1/x86_64/asterisk-plugins-jack-11.14.1-1.mbs1.x86_64.rpm
a638c610fd6e2fd335c598c1b4da00e9
mbs1/x86_64/asterisk-plugins-ldap-11.14.1-1.mbs1.x86_64.rpm
e36665aaf4328129da0a0997eea692bc
mbs1/x86_64/asterisk-plugins-lua-11.14.1-1.mbs1.x86_64.rpm
a3c7eb40e517b35c0cefc7d9b910cdb4
mbs1/x86_64/asterisk-plugins-minivm-11.14.1-1.mbs1.x86_64.rpm
e424c8c9c5e2deab47f244b277398b51
mbs1/x86_64/asterisk-plugins-mobile-11.14.1-1.mbs1.x86_64.rpm
f80f743a85409065758b068a14e25a83
mbs1/x86_64/asterisk-plugins-mp3-11.14.1-1.mbs1.x86_64.rpm
0ac6785ecb4bd82c3b4eb92e8b149731
mbs1/x86_64/asterisk-plugins-mysql-11.14.1-1.mbs1.x86_64.rpm
477784fddff9b23b41813e073b3b8320
mbs1/x86_64/asterisk-plugins-ooh323-11.14.1-1.mbs1.x86_64.rpm
4e7301826ec3187feecdbbd1e60c11a6
mbs1/x86_64/asterisk-plugins-osp-11.14.1-1.mbs1.x86_64.rpm
1753e99e936d3975fc1861fd67250694
mbs1/x86_64/asterisk-plugins-oss-11.14.1-1.mbs1.x86_64.rpm
5cc90093af54761a46c695cf46873734
mbs1/x86_64/asterisk-plugins-pgsql-11.14.1-1.mbs1.x86_64.rpm
052fa6b84ee2a1339c4f4013f9bd9160
mbs1/x86_64/asterisk-plugins-pktccops-11.14.1-1.mbs1.x86_64.rpm
c7f857575e2fe4b0ff6b470bffeb60b2
mbs1/x86_64/asterisk-plugins-portaudio-11.14.1-1.mbs1.x86_64.rpm
eeac32dd9a60156db1dace2a44b051ab
mbs1/x86_64/asterisk-plugins-radius-11.14.1-1.mbs1.x86_64.rpm
c14dc9a89aa265ea1abe69d1596b754c
mbs1/x86_64/asterisk-plugins-saycountpl-11.14.1-1.mbs1.x86_64.rpm
fb1248b1e11190ce4150cc59b1b2f2e6
mbs1/x86_64/asterisk-plugins-skinny-11.14.1-1.mbs1.x86_64.rpm
fb50e5c640ce34213b41e8a505f7df49
mbs1/x86_64/asterisk-plugins-snmp-11.14.1-1.mbs1.x86_64.rpm
a7b4f389bc0f66937a23b7fa00c4ccac
mbs1/x86_64/asterisk-plugins-speex-11.14.1-1.mbs1.x86_64.rpm
e98250351bfbb1b2f40a1d9c39ed88dd
mbs1/x86_64/asterisk-plugins-sqlite-11.14.1-1.mbs1.x86_64.rpm
f87581b2b56a610299d53f4e25528e10
mbs1/x86_64/asterisk-plugins-tds-11.14.1-1.mbs1.x86_64.rpm
8f29e88a502cac7a49400c2040a08057
mbs1/x86_64/asterisk-plugins-unistim-11.14.1-1.mbs1.x86_64.rpm
a204d1147b7a5042eef622f6231b776b
mbs1/x86_64/asterisk-plugins-voicemail-11.14.1-1.mbs1.x86_64.rpm
7ff13281c7ff4960908786b8bdd2f069
mbs1/x86_64/asterisk-plugins-voicemail-imap-11.14.1-1.mbs1.x86_64.rpm
dc4f408b50f46b7d1e350a0dda42c770
mbs1/x86_64/asterisk-plugins-voicemail-plain-11.14.1-1.mbs1.x86_64.rpm
25587e56764c03d34e63401c979a04e2
mbs1/x86_64/lib64asteriskssl1-11.14.1-1.mbs1.x86_64.rpm
d7c66982d82943dbd48e36aca17f877b mbs1/SRPMS/asterisk-11.14.1-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUbyZpmqjQ0CJFipgRAvW0AJ46OLoVFnx4oeml/cekhyNwEx+lBQCcCTfO
tUw0YBtFUhuteeM8nfkUGMI=
=bAaS
-----END PGP SIGNATURE-----

------------=_1416574273-28973-0
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________

------------=_1416574273-28973-0--