Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in Asterisk
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in Asterisk
ID: MDVSA-2013:300
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: Di, 24. Dezember 2013, 09:57
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
https://issues.asterisk.org/jira/browse/ASTERISK-22590
Applikationen: Asterisk

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1387792821-2618-60

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:300
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : December 22, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in asterisk:
 
 Buffer overflow in the unpacksms16 function in apps/app_sms.c in
 Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
 and 11.x before 11.2-cert3 allows remote attackers to cause a denial
 of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).
 
 The updated packages has been upgraded to the 11.7.0 version which
 resolves various upstream bugs and is not vulnerable to this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
 https://issues.asterisk.org/jira/browse/ASTERISK-22590
 asterisk-11.7.0-summary.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 e24b714a039387ce246a75cb86f9a5aa 
 mbs1/x86_64/asterisk-11.7.0-1.mbs1.x86_64.rpm
 af4da5a36e630210f2483ae3c46db9b4 
 mbs1/x86_64/asterisk-addons-11.7.0-1.mbs1.x86_64.rpm
 85e539430165237292a64e104c0dcaff 
 mbs1/x86_64/asterisk-devel-11.7.0-1.mbs1.x86_64.rpm
 5c539a9ecc40ce581a6e052498a4e17b 
 mbs1/x86_64/asterisk-firmware-11.7.0-1.mbs1.x86_64.rpm
 2620a9775c3f4a81856e5209cb92415f 
 mbs1/x86_64/asterisk-gui-11.7.0-1.mbs1.x86_64.rpm
 0fb5cb906884a9a4948dacdc4f2e3728 
 mbs1/x86_64/asterisk-plugins-alsa-11.7.0-1.mbs1.x86_64.rpm
 660123db21c5819ebba6fe52c6433732 
 mbs1/x86_64/asterisk-plugins-calendar-11.7.0-1.mbs1.x86_64.rpm
 dc78596485a8baca38ccb62b8d5f3d30 
 mbs1/x86_64/asterisk-plugins-cel-11.7.0-1.mbs1.x86_64.rpm
 97323d1bf191e4eb1f1a619330f4a384 
 mbs1/x86_64/asterisk-plugins-corosync-11.7.0-1.mbs1.x86_64.rpm
 d0c1b630a526930b597c5ebbea838e0f 
 mbs1/x86_64/asterisk-plugins-curl-11.7.0-1.mbs1.x86_64.rpm
 0585275b570504e13448ddec41637749 
 mbs1/x86_64/asterisk-plugins-dahdi-11.7.0-1.mbs1.x86_64.rpm
 8b16ca9b3a9467931ee55ceb7eb87e0c 
 mbs1/x86_64/asterisk-plugins-fax-11.7.0-1.mbs1.x86_64.rpm
 dc9cea95cdcb0bccb638e44c80db9615 
 mbs1/x86_64/asterisk-plugins-festival-11.7.0-1.mbs1.x86_64.rpm
 aa0746b011a0b9c607512fd024470e9d 
 mbs1/x86_64/asterisk-plugins-ices-11.7.0-1.mbs1.x86_64.rpm
 66c1d1d7c7f050534b14d4a00cb9be27 
 mbs1/x86_64/asterisk-plugins-jabber-11.7.0-1.mbs1.x86_64.rpm
 bdb76cae7c31b3c747924afaaa4be9ab 
 mbs1/x86_64/asterisk-plugins-jack-11.7.0-1.mbs1.x86_64.rpm
 64b0a39eab31e855f7c3e232815b6970 
 mbs1/x86_64/asterisk-plugins-ldap-11.7.0-1.mbs1.x86_64.rpm
 953d08b45ada744d1a745a1076b784cf 
 mbs1/x86_64/asterisk-plugins-lua-11.7.0-1.mbs1.x86_64.rpm
 5de657bd7924ba1cb92ff83c1f08c60e 
 mbs1/x86_64/asterisk-plugins-minivm-11.7.0-1.mbs1.x86_64.rpm
 9d8167b8c997f1d9612d3f255a03e3f5 
 mbs1/x86_64/asterisk-plugins-mobile-11.7.0-1.mbs1.x86_64.rpm
 fb0f914bf7bf17807d625cee9acef023 
 mbs1/x86_64/asterisk-plugins-mp3-11.7.0-1.mbs1.x86_64.rpm
 0860304b68c9419a3f12e0cda3cdaa75 
 mbs1/x86_64/asterisk-plugins-mysql-11.7.0-1.mbs1.x86_64.rpm
 aff65445ffe4308b3c0a7c4ba8fb8ae2 
 mbs1/x86_64/asterisk-plugins-ooh323-11.7.0-1.mbs1.x86_64.rpm
 be6753c6e166c8bbc4ea18a57cd53170 
 mbs1/x86_64/asterisk-plugins-osp-11.7.0-1.mbs1.x86_64.rpm
 3e143d7cfb7e13130e65b4e574f503d8 
 mbs1/x86_64/asterisk-plugins-oss-11.7.0-1.mbs1.x86_64.rpm
 1c931954172d4501ed4088d2f446dcbd 
 mbs1/x86_64/asterisk-plugins-pgsql-11.7.0-1.mbs1.x86_64.rpm
 b1717277db6c460ecef21c420b37b300 
 mbs1/x86_64/asterisk-plugins-pktccops-11.7.0-1.mbs1.x86_64.rpm
 d77487524f4c97de9045ec95ad12ab6e 
 mbs1/x86_64/asterisk-plugins-portaudio-11.7.0-1.mbs1.x86_64.rpm
 71e27adc458413c7702d6818898fe5e7 
 mbs1/x86_64/asterisk-plugins-radius-11.7.0-1.mbs1.x86_64.rpm
 3dbccf9557495d4348ae3505d97b38be 
 mbs1/x86_64/asterisk-plugins-saycountpl-11.7.0-1.mbs1.x86_64.rpm
 3b89b8637aec14894a58bef4cd689567 
 mbs1/x86_64/asterisk-plugins-skinny-11.7.0-1.mbs1.x86_64.rpm
 50d45e856e41c6ecff783b93a4287eda 
 mbs1/x86_64/asterisk-plugins-snmp-11.7.0-1.mbs1.x86_64.rpm
 ad92c508abd692fbd99f7fa5aaabecc2 
 mbs1/x86_64/asterisk-plugins-speex-11.7.0-1.mbs1.x86_64.rpm
 3f6c510e2b249132de1e6c0f28b8aa68 
 mbs1/x86_64/asterisk-plugins-sqlite-11.7.0-1.mbs1.x86_64.rpm
 8668cd7c3ab9fee553a00a3214612ea8 
 mbs1/x86_64/asterisk-plugins-tds-11.7.0-1.mbs1.x86_64.rpm
 993a93fcdf4e50e09496c7043a67569a 
 mbs1/x86_64/asterisk-plugins-unistim-11.7.0-1.mbs1.x86_64.rpm
 e5af9c493e06ed9109db7d7d6a99cf57 
 mbs1/x86_64/asterisk-plugins-voicemail-11.7.0-1.mbs1.x86_64.rpm
 94953089a0fc959164bb30c348422490 
 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.7.0-1.mbs1.x86_64.rpm
 7a09be7047f1532f31133b84d133f1e6 
 mbs1/x86_64/asterisk-plugins-voicemail-plain-11.7.0-1.mbs1.x86_64.rpm
 4521559e7590de0394bdc14894630e61 
 mbs1/x86_64/lib64asteriskssl1-11.7.0-1.mbs1.x86_64.rpm 
 aca304a80515ea6055a0611194b56b9e  mbs1/SRPMS/asterisk-11.7.0-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStxvDmqjQ0CJFipgRApQbAJ0RCohXqEBU6WFm15z4QSn4kv1lNQCcCzKP
wSKh57L/hfYEaWr80+243nY=
=62Pj
-----END PGP SIGNATURE-----


------------=_1387792821-2618-60
Content-Type: text/plain; charset="UTF-8";
 name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://store.mandriva.com
_______________________________________________________


------------=_1387792821-2618-60--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung