-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:300
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : December 22, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in asterisk:

 Buffer overflow in the unpacksms16 function in apps/app_sms.c in
 Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4,
 and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones
 before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before
 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to
 cause a denial of service (daemon crash) via a 16-bit SMS message
 (CVE-2013-7100).

 The updated packages have been upgraded to the 11.7.0 version, which
 resolves various upstream bugs and is not vulnerable to this issue.
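
 The affected-version ranges above, expressed as a version check. This is an added example, not part of the Mandriva advisory or of Asterisk; the function names and the sample inventory are assumptions, and version strings are assumed to be upstream versions without an RPM release suffix.

```python
import re

# Fixed releases per branch, copied from the advisory text (CVE-2013-7100).
OPEN_SOURCE_FIXED = {"1.8": (1, 8, 24, 1), "10": (10, 12, 4), "11": (11, 6, 1)}
DIGIUMPHONES_FIXED = {"10": (10, 12, 4)}
# Certified Asterisk: (base version, cert level) of the first fixed release.
CERTIFIED_FIXED = {"1.8": ((1, 8, 15), 4), "11": ((11, 2), 3)}

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(cert(\d+)|digiumphones))?$")

# Constructed sample inventory; host names and versions are made up.
SAMPLE_INVENTORY = {
    "pbx-a": "11.7.0",
    "pbx-b": "1.8.24",
    "pbx-c": "11.2-cert2",
    "pbx-d": "10.12.3-digiumphones",
    "pbx-e": "12.0.0",
}


def branch_of(nums):
    """Map a numeric version tuple to the branch name the advisory uses."""
    return "1.8" if nums[:2] == (1, 8) else str(nums[0])


def is_affected(version):
    """Return True/False for branches the advisory lists, None otherwise.

    None means the string did not parse or names a branch the advisory
    does not mention, so that host needs a manual check.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    branch = branch_of(nums)
    if m.group(3) is not None:  # Certified: base version, then cert level
        fixed = CERTIFIED_FIXED.get(branch)
        return None if fixed is None else (nums, int(m.group(3))) < fixed
    table = DIGIUMPHONES_FIXED if m.group(2) else OPEN_SOURCE_FIXED
    fixed = table.get(branch)
    return None if fixed is None else nums < fixed


def triage(inventory):
    """Apply is_affected() to a {host: version} mapping."""
    return {host: is_affected(v) for host, v in inventory.items()}
```
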
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
 https://issues.asterisk.org/jira/browse/ASTERISK-22590
 http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStxvDmqjQ0CJFipgRApQbAJ0RCohXqEBU6WFm15z4QSn4kv1lNQCcCzKP
wSKh57L/hfYEaWr80+243nY=
=62Pj
-----END PGP SIGNATURE-----