-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:218
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date    : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in asterisk:

Remote crash when handling out of call message in certain dialplan
configurations (CVE-2014-6610).

Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566).

Mixed IP address families in access control lists may permit unwanted
traffic.

High call load may result in hung channels in ConfBridge.

Permission escalation through ConfBridge actions/dialplan functions.

The updated packages have been upgraded to version 11.14.1, which is
not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://downloads.asterisk.org/pub/security/AST-2014-010.html
http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://downloads.asterisk.org/pub/security/AST-2014-012.html
http://downloads.asterisk.org/pub/security/AST-2014-014.html
http://downloads.asterisk.org/pub/security/AST-2014-017.html
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.14.1-summary.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUbyZpmqjQ0CJFipgRAvW0AJ46OLoVFnx4oeml/cekhyNwEx+lBQCcCTfO
tUw0YBtFUhuteeM8nfkUGMI=
=bAaS
-----END PGP SIGNATURE-----