-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:206 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : asterisk Date : April 27, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected (CVE-2015-3008). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008 http://advisories.mageia.org/MGASA-2015-0153.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: b622a720acef1302469bd5fff078bf2e mbs1/x86_64/asterisk-11.17.1-1.mbs1.x86_64.rpm 32f3ead0079bae099452d98a4691f356 mbs1/x86_64/asterisk-addons-11.17.1-1.mbs1.x86_64.rpm 90e24e6c475e8c1154c9cbd82dd5e8e8 mbs1/x86_64/asterisk-devel-11.17.1-1.mbs1.x86_64.rpm 2d1c0ac11edc6c5ce2afb4063ac434cf mbs1/x86_64/asterisk-firmware-11.17.1-1.mbs1.x86_64.rpm 4849b9beec8006708ad5855f4bda264e mbs1/x86_64/asterisk-gui-11.17.1-1.mbs1.x86_64.rpm 4c75d77f3cb59c13f60138caf8156352 mbs1/x86_64/asterisk-plugins-alsa-11.17.1-1.mbs1.x86_64.rpm 0bd35fac194ecb10e3c1d482088a4097 mbs1/x86_64/asterisk-plugins-calendar-11.17.1-1.mbs1.x86_64.rpm 192c77c10296654712131a53cbd33cde mbs1/x86_64/asterisk-plugins-cel-11.17.1-1.mbs1.x86_64.rpm ad6c52dd1a3d92ea3c164fe5f4c88d7b mbs1/x86_64/asterisk-plugins-corosync-11.17.1-1.mbs1.x86_64.rpm f519addc0d656d249eba9b17f911244b mbs1/x86_64/asterisk-plugins-curl-11.17.1-1.mbs1.x86_64.rpm 2db55aa7dfcdb9fd3339a1c8cbb723ab mbs1/x86_64/asterisk-plugins-dahdi-11.17.1-1.mbs1.x86_64.rpm e9fbe3134915cbaa87b8c8d6ede1b57d mbs1/x86_64/asterisk-plugins-fax-11.17.1-1.mbs1.x86_64.rpm ced314823d11d497168e6931028500c9 mbs1/x86_64/asterisk-plugins-festival-11.17.1-1.mbs1.x86_64.rpm f1e23eef46fb8301c6275f39cca861a1 mbs1/x86_64/asterisk-plugins-ices-11.17.1-1.mbs1.x86_64.rpm 76a7de2c6f37c36253fd0cfc2951e074 mbs1/x86_64/asterisk-plugins-jabber-11.17.1-1.mbs1.x86_64.rpm faaaf393ce98c61d5e918241da1a61fc mbs1/x86_64/asterisk-plugins-jack-11.17.1-1.mbs1.x86_64.rpm 5a573a8de2f9088d10516139b8237bdb mbs1/x86_64/asterisk-plugins-ldap-11.17.1-1.mbs1.x86_64.rpm 0d5b1a2c39ce5297c3607cf28d00ead3 mbs1/x86_64/asterisk-plugins-lua-11.17.1-1.mbs1.x86_64.rpm 46d790164403a789519c046761f71626 mbs1/x86_64/asterisk-plugins-minivm-11.17.1-1.mbs1.x86_64.rpm 6009212f2869b027206ea239129b52e7 mbs1/x86_64/asterisk-plugins-mobile-11.17.1-1.mbs1.x86_64.rpm 1c47febb630ab5e5bed9201fbb1b5102 mbs1/x86_64/asterisk-plugins-mp3-11.17.1-1.mbs1.x86_64.rpm 3a7be951a05846f355c9f4694ed0cb53 mbs1/x86_64/asterisk-plugins-mysql-11.17.1-1.mbs1.x86_64.rpm 7d78157a89d61a1a6e90d0f40be35886 mbs1/x86_64/asterisk-plugins-ooh323-11.17.1-1.mbs1.x86_64.rpm 7da0f34159c6e8231987fb3561fbd470 mbs1/x86_64/asterisk-plugins-osp-11.17.1-1.mbs1.x86_64.rpm ec06bbf55b66d5a2d87a453e739e2d18 mbs1/x86_64/asterisk-plugins-oss-11.17.1-1.mbs1.x86_64.rpm cf44e06bc7b503c3723b780193058c3f mbs1/x86_64/asterisk-plugins-pgsql-11.17.1-1.mbs1.x86_64.rpm 107bfc1ff62b68c2be740d5b15a22017 mbs1/x86_64/asterisk-plugins-pktccops-11.17.1-1.mbs1.x86_64.rpm 4fe837416f637a1aee6fde6354992283 mbs1/x86_64/asterisk-plugins-portaudio-11.17.1-1.mbs1.x86_64.rpm 8b8ef562b9a312f4a75a1801beeb6770 mbs1/x86_64/asterisk-plugins-radius-11.17.1-1.mbs1.x86_64.rpm 7e872343fdab26745bb04c86e3a76a2f mbs1/x86_64/asterisk-plugins-saycountpl-11.17.1-1.mbs1.x86_64.rpm ec94405ec2bbbb96518f9c9602de16cb mbs1/x86_64/asterisk-plugins-skinny-11.17.1-1.mbs1.x86_64.rpm 4a77b93657631f73d7626e5152359b9b mbs1/x86_64/asterisk-plugins-snmp-11.17.1-1.mbs1.x86_64.rpm 54be929e9a936f402098af8a0685697f mbs1/x86_64/asterisk-plugins-speex-11.17.1-1.mbs1.x86_64.rpm 38db51cce7a67dcb4707ed4bd545e6e5 mbs1/x86_64/asterisk-plugins-sqlite-11.17.1-1.mbs1.x86_64.rpm 25399ec97a84ceba4e8dcd16141f2c0a mbs1/x86_64/asterisk-plugins-tds-11.17.1-1.mbs1.x86_64.rpm 8f026b239dc37c2d274caa30e89fd9b1 mbs1/x86_64/asterisk-plugins-unistim-11.17.1-1.mbs1.x86_64.rpm e3129548c8ffec6686a0dfcfa59aad25 mbs1/x86_64/asterisk-plugins-voicemail-11.17.1-1.mbs1.x86_64.rpm ec8983601ea02f8120ce15211733dafa mbs1/x86_64/asterisk-plugins-voicemail-imap-11.17.1-1.mbs1.x86_64.rpm b893a384ece6c9512c940dee2750617d mbs1/x86_64/asterisk-plugins-voicemail-plain-11.17.1-1.mbs1.x86_64.rpm ec404cef5055da70019f0013b2724091 mbs1/x86_64/lib64asteriskssl1-11.17.1-1.mbs1.x86_64.rpm 3eab65f3e42f04794aa882f3a2c62779 mbs1/SRPMS/asterisk-11.17.1-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVPdlBmqjQ0CJFipgRAhRnAJ0WzixIi5UvTH8Cm3gCAVRN9Y9rTgCgh8ag wfZFBXBaxjDiHo57IlOXga8= =l4+z -----END PGP SIGNATURE-----