Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : asterisk
Date : August 30, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated asterisk packages fix security vulnerabilities:
A remotely exploitable crash vulnerability exists in the SIP channel
driver if an ACK with SDP is received after the channel has been
terminated. The handling code incorrectly assumes that the channel
will always be present (CVE-2013-5641).
A remotely exploitable crash vulnerability exists in the SIP channel
driver if an invalid SDP is sent in a SIP request that defines
media descriptions before connection information. The handling code
incorrectly attempts to reference the socket address information even
though that information has not yet been set (CVE-2013-5642).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
8d6a5cea86fae9d2a712793389601841 mbs1/x86_64/asterisk-11.5.1-1.mbs1.x86_64.rpm
73e02e30167239a63676db49cbd2b927 mbs1/x86_64/asterisk-addons-11.5.1-1.mbs1.x86_64.rpm
b6ef5db547893dcc6e1418a05576c272 mbs1/x86_64/asterisk-devel-11.5.1-1.mbs1.x86_64.rpm
a53a92f45773124e809a9b49f6ae7e56 mbs1/x86_64/asterisk-firmware-11.5.1-1.mbs1.x86_64.rpm
d3db6848b5e2d3c248660a2622f986a3 mbs1/x86_64/asterisk-gui-11.5.1-1.mbs1.x86_64.rpm
5de2bee926c384793f7459c5824c793a mbs1/x86_64/asterisk-plugins-alsa-11.5.1-1.mbs1.x86_64.rpm
777ac119b651950c079d91f89c4d0753 mbs1/x86_64/asterisk-plugins-calendar-11.5.1-1.mbs1.x86_64.rpm
2eb6cfe6e294de2a87029a232fe20cbe mbs1/x86_64/asterisk-plugins-cel-11.5.1-1.mbs1.x86_64.rpm
eb84932a5490c14afe0be9b73a7caffb mbs1/x86_64/asterisk-plugins-corosync-11.5.1-1.mbs1.x86_64.rpm
392eedde1710ee72a049a5a272a27200 mbs1/x86_64/asterisk-plugins-curl-11.5.1-1.mbs1.x86_64.rpm
978673550d533947a524e350c7d2d3f2 mbs1/x86_64/asterisk-plugins-dahdi-11.5.1-1.mbs1.x86_64.rpm
537327e04dbb9601073c826fbf004411 mbs1/x86_64/asterisk-plugins-fax-11.5.1-1.mbs1.x86_64.rpm
5821d30e5ca8072e3cccbdcadc240802 mbs1/x86_64/asterisk-plugins-festival-11.5.1-1.mbs1.x86_64.rpm
a4b54763013181e23cf87107ee67abff mbs1/x86_64/asterisk-plugins-ices-11.5.1-1.mbs1.x86_64.rpm
bf33d9d761c740fa597ca525c419ab81 mbs1/x86_64/asterisk-plugins-jabber-11.5.1-1.mbs1.x86_64.rpm
07d060bd7155aa6491159f64f99cf87f mbs1/x86_64/asterisk-plugins-jack-11.5.1-1.mbs1.x86_64.rpm
2f7bccb5f7802aa7db8c1f9a2ca13048 mbs1/x86_64/asterisk-plugins-ldap-11.5.1-1.mbs1.x86_64.rpm
3d955f6ee9d6a4e0836d9a3199529e9e mbs1/x86_64/asterisk-plugins-lua-11.5.1-1.mbs1.x86_64.rpm
d8cbd8af3d0417e354a5349044a21836 mbs1/x86_64/asterisk-plugins-minivm-11.5.1-1.mbs1.x86_64.rpm
73067fb2b9ae41989568be607798f46e mbs1/x86_64/asterisk-plugins-mobile-11.5.1-1.mbs1.x86_64.rpm
7feca150f48f24d088bfd753c722f51a mbs1/x86_64/asterisk-plugins-mp3-11.5.1-1.mbs1.x86_64.rpm
f9063783181eeb8054e2e0ca0ed49443 mbs1/x86_64/asterisk-plugins-mysql-11.5.1-1.mbs1.x86_64.rpm
5b912c96bb44b39f1fc806c4ba27c019 mbs1/x86_64/asterisk-plugins-ooh323-11.5.1-1.mbs1.x86_64.rpm
9a9e353bb8091fbe0a013f21d4a80820 mbs1/x86_64/asterisk-plugins-osp-11.5.1-1.mbs1.x86_64.rpm
f383a54fabf326eb5e3e90c2e91bf3b0 mbs1/x86_64/asterisk-plugins-oss-11.5.1-1.mbs1.x86_64.rpm
66e46e44eee2bb05b3213e159ea1530c mbs1/x86_64/asterisk-plugins-pgsql-11.5.1-1.mbs1.x86_64.rpm
0b71b7e01495e0b0afb046d73763fbb7 mbs1/x86_64/asterisk-plugins-pktccops-11.5.1-1.mbs1.x86_64.rpm
08188b435a6344ff7b06d7d7d60b4a14 mbs1/x86_64/asterisk-plugins-portaudio-11.5.1-1.mbs1.x86_64.rpm
1144017cc930f58d5200663239af8a14 mbs1/x86_64/asterisk-plugins-radius-11.5.1-1.mbs1.x86_64.rpm
6b9cd525004dcff842aa719b5bae4452 mbs1/x86_64/asterisk-plugins-saycountpl-11.5.1-1.mbs1.x86_64.rpm
4f5f10a87270007eb45ec16936f57c03 mbs1/x86_64/asterisk-plugins-skinny-11.5.1-1.mbs1.x86_64.rpm
947cdf0cdcd851af19e1c409b95a9b2a mbs1/x86_64/asterisk-plugins-snmp-11.5.1-1.mbs1.x86_64.rpm
bb0cc29439b5b18b00eb8b592dd91c49 mbs1/x86_64/asterisk-plugins-speex-11.5.1-1.mbs1.x86_64.rpm
1a98ce112e3b6fe2fe20d0bd39783369 mbs1/x86_64/asterisk-plugins-sqlite-11.5.1-1.mbs1.x86_64.rpm
293996c64cfbce34a57da60031cce64d mbs1/x86_64/asterisk-plugins-tds-11.5.1-1.mbs1.x86_64.rpm
740eadfe63133ceb5ff6d6edf4589cd0 mbs1/x86_64/asterisk-plugins-unistim-11.5.1-1.mbs1.x86_64.rpm
97c6fc33d3148a86fe5f3f0401e53645 mbs1/x86_64/asterisk-plugins-voicemail-11.5.1-1.mbs1.x86_64.rpm
3c4b4ba0a19608100f2089242c19c279 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.5.1-1.mbs1.x86_64.rpm
90ac34a2f552e44097c7f54d414bd768 mbs1/x86_64/asterisk-plugins-voicemail-plain-11.5.1-1.mbs1.x86_64.rpm
2ed88fea8caa45abcb8aa31ef3bed941 mbs1/x86_64/lib64asteriskssl1-11.5.1-1.mbs1.x86_64.rpm
2599810cd469d529fc97a71ab5525836 mbs1/SRPMS/asterisk-11.5.1-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSIHqRmqjQ0CJFipgRAmZ1AKDuU5bzx0qzu3IEZ6Z6iNkXWLgcHQCfV4Bb
D9cKtBYCnWXKwzb9rnWCGFM=
=/HBp
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed