LinuxSecurity.com
Mandriva: 2013:300: asterisk
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:300
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : December 22, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in asterisk:
 
 Buffer overflow in the unpacksms16 function in apps/app_sms.c in
 Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
 and 11.x before 11.2-cert3 allows remote attackers to cause a denial
 of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).
 
 The updated packages have been upgraded to the 11.7.0 version, which
 resolves various upstream bugs and is not vulnerable to this issue.
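
The affected ranges listed above, turned into a version check for an inventory of Asterisk hosts. This is an added example, not part of the Mandriva advisory; the function names, the 'not-listed' result and the sample version strings are assumptions made here.

```python
import re

# First fixed release per (flavour, branch), from the advisory text for
# CVE-2013-7100. Tuples are (a, b, c, d, cert_number), zero-padded.
FIXED = {
    ("open", "1.8"): (1, 8, 24, 1, 0),
    ("open", "10"): (10, 12, 4, 0, 0),
    ("open", "11"): (11, 6, 1, 0, 0),
    ("digiumphones", "10"): (10, 12, 4, 0, 0),
    ("cert", "1.8"): (1, 8, 15, 0, 4),
    ("cert", "11"): (11, 2, 0, 0, 3),
}

_VER = re.compile(r"^(\d+(?:\.\d+){1,3})(?:-cert(\d+)|-(digiumphones))?$")


def parse(version):
    """Split a version string into (flavour, branch, comparable tuple)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Asterisk version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (4 - len(nums))
    if m.group(2):
        flavour = "cert"
    elif m.group(3):
        flavour = "digiumphones"
    else:
        flavour = "open"
    branch = "1.8" if nums[:2] == (1, 8) else str(nums[0])
    return flavour, branch, nums + (int(m.group(2) or 0),)


def status(version):
    """Return 'affected', 'fixed', or 'not-listed' for one version string."""
    flavour, branch, key = parse(version)
    fixed = FIXED.get((flavour, branch))
    if fixed is None:
        return "not-listed"  # branch is not named in the advisory
    return "affected" if key < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for v in ["1.8.24.0", "11.7.0", "10.12.3-digiumphones", "1.8.15-cert4", "12.0.0"]:
        print(f"{v:24} {status(v)}")
```

A 'not-listed' result only means the advisory does not name that branch; it says nothing about whether the branch is safe.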
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
 https://issues.asterisk.org/jira/browse/ASTERISK-22590
 http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 