-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:140
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : April 10, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were identified and fixed in asterisk:

 The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2,
 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15
 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before
 C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before
 10.12.2-digiumphones exhibits different behavior for invalid INVITE,
 SUBSCRIBE, and REGISTER transactions depending on whether the user
 account exists, which allows remote attackers to enumerate account
 names by (1) reading HTTP status codes, (2) reading additional text in
 a 403 (aka Forbidden) response, or (3) observing whether certain
 retransmissions occur (CVE-2013-2264).

 Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk
 Open Source 11.x before 11.2.2 allows remote attackers to execute
 arbitrary code via a long sprop-parameter-sets H.264 media attribute
 in a SIP Session Description Protocol (SDP) header (CVE-2013-2685).

 main/http.c in the HTTP server in Asterisk Open Source 1.8.x before
 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified
 Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones
 10.x-digiumphones before 10.12.2-digiumphones does not properly
 restrict Content-Length values, which allows remote attackers to
 conduct stack-consumption attacks and cause a denial of service
 (daemon crash) via a crafted HTTP POST request. NOTE: this
 vulnerability exists because of an incorrect fix for CVE-2012-5976
 (CVE-2013-2686).
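 As an added example (not part of the advisory), the version ranges above
 turned into a check that takes an installed Asterisk version string and
 reports which of the three CVEs still apply to it. The version-string
 grammar (-certN, -digiumphones, C.x.y for Business Edition) is assumed
 from the forms quoted in the text.

```python
import re

# Fixed releases from MDVSA-2013:140, keyed by CVE, then by (flavor, branch).
# Flavors: "open" (Asterisk Open Source), "cert" (Certified Asterisk),
# "be" (Business Edition C.3.x) and "digiumphones" (10.x-digiumphones).
FIXED = {
    "CVE-2013-2264": {
        ("open", "1.8"): "1.8.20.2", ("open", "10"): "10.12.2",
        ("open", "11"): "11.2.2", ("cert", "1.8.15"): "1.8.15-cert2",
        ("be", "C.3"): "C.3.8.1", ("digiumphones", "10"): "10.12.2-digiumphones",
    },
    "CVE-2013-2685": {("open", "11"): "11.2.2"},
    "CVE-2013-2686": {
        ("open", "1.8"): "1.8.20.2", ("open", "10"): "10.12.2",
        ("open", "11"): "11.2.2", ("cert", "1.8.15"): "1.8.15-cert2",
        ("digiumphones", "10"): "10.12.2-digiumphones",
    },
}

# Version grammar assumed from the forms quoted in the advisory:
#   1.8.20.1 / 10.12.1 / 11.2.1, 1.8.15-cert1, C.3.7, 10.12.1-digiumphones
_VERSION_RE = re.compile(r"^(C\.)?(\d+(?:\.\d+)*)(?:-cert(\d+)|-(digiumphones))?$")


def parse_version(version):
    """Split an Asterisk version into (flavor, branch, comparable tuple)."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised Asterisk version: %r" % version)
    be, nums, cert, dp = m.groups()
    parts = tuple(int(p) for p in nums.split("."))
    if be:                       # Business Edition: C.3.x
        return "be", "C.%d" % parts[0], parts
    if cert is not None:         # Certified: 1.8.15-certN, N decides the order
        return "cert", nums, parts + (int(cert),)
    if dp:                       # Digiumphones: branch is the major number
        return "digiumphones", str(parts[0]), parts
    # Open Source: 1.8 is a two-component branch, 10 and 11 single-component
    branch = ".".join(str(p) for p in parts[:2]) if parts[0] == 1 else str(parts[0])
    return "open", branch, parts


def affected_cves(version):
    """CVEs from the advisory whose listed branch contains this version and
    whose fixed release sorts above it; unlisted branches are reported clean."""
    flavor, branch, key = parse_version(version)
    return [cve for cve, fixes in FIXED.items()
            if (flavor, branch) in fixes
            and key < parse_version(fixes[(flavor, branch)])[2]]
```

 Note that CVE-2013-2685 is listed only for the 11.x branch, so a
 1.8.15-cert1 install is reported as affected by the other two CVEs only.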
 The updated packages have been upgraded to the 11.2.2 version which is
 not vulnerable to these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZWZmmqjQ0CJFipgRArhsAKC9fNsHR3BYRvvUFe7zjg6hBLGQHwCgj2Ip
0y7HyM54ytz3xd14ULzXIVo=
=9w8B
-----END PGP SIGNATURE-----