LinuxSecurity.com
Mandriva: 2013:223: asterisk
Posted by Benjamin D. Thomas
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:223
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : August 30, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated asterisk packages fix security vulnerabilities:
 
 A remotely exploitable crash vulnerability exists in the SIP channel
 driver if an ACK with SDP is received after the channel has been
 terminated. The handling code incorrectly assumes that the channel
 will always be present (CVE-2013-5641).
 
 A remotely exploitable crash vulnerability exists in the SIP channel
 driver if an invalid SDP is sent in a SIP request that defines
 media descriptions before connection information. The handling code
 incorrectly attempts to reference the socket address information even
 though that information has not yet been set (CVE-2013-5642).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
 http://downloads.asterisk.org/pub/security/AST-2013-004.html
 http://downloads.asterisk.org/pub/security/AST-2013-005.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 8d6a5cea86fae9d2a712793389601841  mbs1/x86_64/asterisk-11.5.1-1.mbs1.x86_64.rpm
 73e02e30167239a63676db49cbd2b927  mbs1/x86_64/asterisk-addons-11.5.1-1.mbs1.x86_64.rpm
 b6ef5db547893dcc6e1418a05576c272  mbs1/x86_64/asterisk-devel-11.5.1-1.mbs1.x86_64.rpm
 a53a92f45773124e809a9b49f6ae7e56  mbs1/x86_64/asterisk-firmware-11.5.1-1.mbs1.x86_64.rpm
 d3db6848b5e2d3c248660a2622f986a3  mbs1/x86_64/asterisk-gui-11.5.1-1.mbs1.x86_64.rpm
 5de2bee926c384793f7459c5824c793a  mbs1/x86_64/asterisk-plugins-alsa-11.5.1-1.mbs1.x86_64.rpm
 777ac119b651950c079d91f89c4d0753  mbs1/x86_64/asterisk-plugins-calendar-11.5.1-1.mbs1.x86_64.rpm
 2eb6cfe6e294de2a87029a232fe20cbe  mbs1/x86_64/asterisk-plugins-cel-11.5.1-1.mbs1.x86_64.rpm
 eb84932a5490c14afe0be9b73a7caffb  mbs1/x86_64/asterisk-plugins-corosync-11.5.1-1.mbs1.x86_64.rpm
 392eedde1710ee72a049a5a272a27200  mbs1/x86_64/asterisk-plugins-curl-11.5.1-1.mbs1.x86_64.rpm
 978673550d533947a524e350c7d2d3f2  mbs1/x86_64/asterisk-plugins-dahdi-11.5.1-1.mbs1.x86_64.rpm
 537327e04dbb9601073c826fbf004411  mbs1/x86_64/asterisk-plugins-fax-11.5.1-1.mbs1.x86_64.rpm
 5821d30e5ca8072e3cccbdcadc240802  mbs1/x86_64/asterisk-plugins-festival-11.5.1-1.mbs1.x86_64.rpm
 a4b54763013181e23cf87107ee67abff  mbs1/x86_64/asterisk-plugins-ices-11.5.1-1.mbs1.x86_64.rpm
 bf33d9d761c740fa597ca525c419ab81  mbs1/x86_64/asterisk-plugins-jabber-11.5.1-1.mbs1.x86_64.rpm
 07d060bd7155aa6491159f64f99cf87f  mbs1/x86_64/asterisk-plugins-jack-11.5.1-1.mbs1.x86_64.rpm
 2f7bccb5f7802aa7db8c1f9a2ca13048  mbs1/x86_64/asterisk-plugins-ldap-11.5.1-1.mbs1.x86_64.rpm
 3d955f6ee9d6a4e0836d9a3199529e9e  mbs1/x86_64/asterisk-plugins-lua-11.5.1-1.mbs1.x86_64.rpm
 d8cbd8af3d0417e354a5349044a21836  mbs1/x86_64/asterisk-plugins-minivm-11.5.1-1.mbs1.x86_64.rpm
 73067fb2b9ae41989568be607798f46e  mbs1/x86_64/asterisk-plugins-mobile-11.5.1-1.mbs1.x86_64.rpm
 7feca150f48f24d088bfd753c722f51a  mbs1/x86_64/asterisk-plugins-mp3-11.5.1-1.mbs1.x86_64.rpm
 f9063783181eeb8054e2e0ca0ed49443  mbs1/x86_64/asterisk-plugins-mysql-11.5.1-1.mbs1.x86_64.rpm
 5b912c96bb44b39f1fc806c4ba27c019  mbs1/x86_64/asterisk-plugins-ooh323-11.5.1-1.mbs1.x86_64.rpm
 9a9e353bb8091fbe0a013f21d4a80820  mbs1/x86_64/asterisk-plugins-osp-11.5.1-1.mbs1.x86_64.rpm
 f383a54fabf326eb5e3e90c2e91bf3b0  mbs1/x86_64/asterisk-plugins-oss-11.5.1-1.mbs1.x86_64.rpm
 66e46e44eee2bb05b3213e159ea1530c  mbs1/x86_64/asterisk-plugins-pgsql-11.5.1-1.mbs1.x86_64.rpm
 0b71b7e01495e0b0afb046d73763fbb7  mbs1/x86_64/asterisk-plugins-pktccops-11.5.1-1.mbs1.x86_64.rpm
 08188b435a6344ff7b06d7d7d60b4a14  mbs1/x86_64/asterisk-plugins-portaudio-11.5.1-1.mbs1.x86_64.rpm
 1144017cc930f58d5200663239af8a14  mbs1/x86_64/asterisk-plugins-radius-11.5.1-1.mbs1.x86_64.rpm
 6b9cd525004dcff842aa719b5bae4452  mbs1/x86_64/asterisk-plugins-saycountpl-11.5.1-1.mbs1.x86_64.rpm
 4f5f10a87270007eb45ec16936f57c03  mbs1/x86_64/asterisk-plugins-skinny-11.5.1-1.mbs1.x86_64.rpm
 947cdf0cdcd851af19e1c409b95a9b2a  mbs1/x86_64/asterisk-plugins-snmp-11.5.1-1.mbs1.x86_64.rpm
 bb0cc29439b5b18b00eb8b592dd91c49  mbs1/x86_64/asterisk-plugins-speex-11.5.1-1.mbs1.x86_64.rpm
 1a98ce112e3b6fe2fe20d0bd39783369  mbs1/x86_64/asterisk-plugins-sqlite-11.5.1-1.mbs1.x86_64.rpm
 293996c64cfbce34a57da60031cce64d  mbs1/x86_64/asterisk-plugins-tds-11.5.1-1.mbs1.x86_64.rpm
 740eadfe63133ceb5ff6d6edf4589cd0  mbs1/x86_64/asterisk-plugins-unistim-11.5.1-1.mbs1.x86_64.rpm
 97c6fc33d3148a86fe5f3f0401e53645  mbs1/x86_64/asterisk-plugins-voicemail-11.5.1-1.mbs1.x86_64.rpm
 3c4b4ba0a19608100f2089242c19c279  mbs1/x86_64/asterisk-plugins-voicemail-imap-11.5.1-1.mbs1.x86_64.rpm
 90ac34a2f552e44097c7f54d414bd768  mbs1/x86_64/asterisk-plugins-voicemail-plain-11.5.1-1.mbs1.x86_64.rpm
 2ed88fea8caa45abcb8aa31ef3bed941  mbs1/x86_64/lib64asteriskssl1-11.5.1-1.mbs1.x86_64.rpm 
 2599810cd469d529fc97a71ab5525836  mbs1/SRPMS/asterisk-11.5.1-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
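
 For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum comparison can be scripted. The following is an added example, not part of the Mandriva advisory: the function name verify_manifest and the flat download directory are assumptions. MD5 only detects corruption, so authenticity still rests on the GPG signature (rpm --checksig).

```shell
#!/bin/sh
# Added example: check downloaded packages against an advisory-style manifest.
# Each manifest line is "<md5>  <repo/path/package.rpm>", the layout used in
# the "Updated Packages" section above.
# verify_manifest MANIFEST PKG_DIR (hypothetical helper name)
#   prints one status line per entry and returns 0 only if every listed
#   package is present in PKG_DIR and its MD5 matches.
verify_manifest() {
    manifest=$1
    pkg_dir=$2
    failures=0
    while read -r want path || [ -n "$want" ]; do
        # Skip blank lines and anything whose first field is not a
        # 32-hex-digit MD5 (e.g. "Mandriva Business Server 1/X86_64:").
        case $want in
            *[!0-9a-fA-F]*|"") continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}                 # assumption: files stored by basename
        file=$pkg_dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING   $name"
            failures=$((failures + 1))
            continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            failures=$((failures + 1))
        fi
    done < "$manifest"
    [ "$failures" -eq 0 ]
}
```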

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 