BugTraq
[ MDVSA-2013:300 ] asterisk Dec 23 2013 08:56AM
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:300
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : December 22, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in asterisk:

Buffer overflow in the unpacksms16 function in apps/app_sms.c in
Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
and 11.x before 11.2-cert3 allows remote attackers to cause a denial
of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).

The updated packages has been upgraded to the 11.7.0 version which
resolves various upstream bugs and is not vulnerable to this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
https://issues.asterisk.org/jira/browse/ASTERISK-22590
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-sum
mary.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
e24b714a039387ce246a75cb86f9a5aa mbs1/x86_64/asterisk-11.7.0-1.mbs1.x86_64.rpm
af4da5a36e630210f2483ae3c46db9b4 mbs1/x86_64/asterisk-addons-11.7.0-1.mbs1.x86_64.rpm
85e539430165237292a64e104c0dcaff mbs1/x86_64/asterisk-devel-11.7.0-1.mbs1.x86_64.rpm
5c539a9ecc40ce581a6e052498a4e17b mbs1/x86_64/asterisk-firmware-11.7.0-1.mbs1.x86_64.rpm
2620a9775c3f4a81856e5209cb92415f mbs1/x86_64/asterisk-gui-11.7.0-1.mbs1.x86_64.rpm
0fb5cb906884a9a4948dacdc4f2e3728 mbs1/x86_64/asterisk-plugins-alsa-11.7.0-1.mbs1.x86_64.rpm
660123db21c5819ebba6fe52c6433732 mbs1/x86_64/asterisk-plugins-calendar-11.7.0-1.mbs1.x86_64.rpm
dc78596485a8baca38ccb62b8d5f3d30 mbs1/x86_64/asterisk-plugins-cel-11.7.0-1.mbs1.x86_64.rpm
97323d1bf191e4eb1f1a619330f4a384 mbs1/x86_64/asterisk-plugins-corosync-11.7.0-1.mbs1.x86_64.rpm
d0c1b630a526930b597c5ebbea838e0f mbs1/x86_64/asterisk-plugins-curl-11.7.0-1.mbs1.x86_64.rpm
0585275b570504e13448ddec41637749 mbs1/x86_64/asterisk-plugins-dahdi-11.7.0-1.mbs1.x86_64.rpm
8b16ca9b3a9467931ee55ceb7eb87e0c mbs1/x86_64/asterisk-plugins-fax-11.7.0-1.mbs1.x86_64.rpm
dc9cea95cdcb0bccb638e44c80db9615 mbs1/x86_64/asterisk-plugins-festival-11.7.0-1.mbs1.x86_64.rpm
aa0746b011a0b9c607512fd024470e9d mbs1/x86_64/asterisk-plugins-ices-11.7.0-1.mbs1.x86_64.rpm
66c1d1d7c7f050534b14d4a00cb9be27 mbs1/x86_64/asterisk-plugins-jabber-11.7.0-1.mbs1.x86_64.rpm
bdb76cae7c31b3c747924afaaa4be9ab mbs1/x86_64/asterisk-plugins-jack-11.7.0-1.mbs1.x86_64.rpm
64b0a39eab31e855f7c3e232815b6970 mbs1/x86_64/asterisk-plugins-ldap-11.7.0-1.mbs1.x86_64.rpm
953d08b45ada744d1a745a1076b784cf mbs1/x86_64/asterisk-plugins-lua-11.7.0-1.mbs1.x86_64.rpm
5de657bd7924ba1cb92ff83c1f08c60e mbs1/x86_64/asterisk-plugins-minivm-11.7.0-1.mbs1.x86_64.rpm
9d8167b8c997f1d9612d3f255a03e3f5 mbs1/x86_64/asterisk-plugins-mobile-11.7.0-1.mbs1.x86_64.rpm
fb0f914bf7bf17807d625cee9acef023 mbs1/x86_64/asterisk-plugins-mp3-11.7.0-1.mbs1.x86_64.rpm
0860304b68c9419a3f12e0cda3cdaa75 mbs1/x86_64/asterisk-plugins-mysql-11.7.0-1.mbs1.x86_64.rpm
aff65445ffe4308b3c0a7c4ba8fb8ae2 mbs1/x86_64/asterisk-plugins-ooh323-11.7.0-1.mbs1.x86_64.rpm
be6753c6e166c8bbc4ea18a57cd53170 mbs1/x86_64/asterisk-plugins-osp-11.7.0-1.mbs1.x86_64.rpm
3e143d7cfb7e13130e65b4e574f503d8 mbs1/x86_64/asterisk-plugins-oss-11.7.0-1.mbs1.x86_64.rpm
1c931954172d4501ed4088d2f446dcbd mbs1/x86_64/asterisk-plugins-pgsql-11.7.0-1.mbs1.x86_64.rpm
b1717277db6c460ecef21c420b37b300 mbs1/x86_64/asterisk-plugins-pktccops-11.7.0-1.mbs1.x86_64.rpm
d77487524f4c97de9045ec95ad12ab6e mbs1/x86_64/asterisk-plugins-portaudio-11.7.0-1.mbs1.x86_64.rpm
71e27adc458413c7702d6818898fe5e7 mbs1/x86_64/asterisk-plugins-radius-11.7.0-1.mbs1.x86_64.rpm
3dbccf9557495d4348ae3505d97b38be mbs1/x86_64/asterisk-plugins-saycountpl-11.7.0-1.mbs1.x86_64.rpm
3b89b8637aec14894a58bef4cd689567 mbs1/x86_64/asterisk-plugins-skinny-11.7.0-1.mbs1.x86_64.rpm
50d45e856e41c6ecff783b93a4287eda mbs1/x86_64/asterisk-plugins-snmp-11.7.0-1.mbs1.x86_64.rpm
ad92c508abd692fbd99f7fa5aaabecc2 mbs1/x86_64/asterisk-plugins-speex-11.7.0-1.mbs1.x86_64.rpm
3f6c510e2b249132de1e6c0f28b8aa68 mbs1/x86_64/asterisk-plugins-sqlite-11.7.0-1.mbs1.x86_64.rpm
8668cd7c3ab9fee553a00a3214612ea8 mbs1/x86_64/asterisk-plugins-tds-11.7.0-1.mbs1.x86_64.rpm
993a93fcdf4e50e09496c7043a67569a mbs1/x86_64/asterisk-plugins-unistim-11.7.0-1.mbs1.x86_64.rpm
e5af9c493e06ed9109db7d7d6a99cf57 mbs1/x86_64/asterisk-plugins-voicemail-11.7.0-1.mbs1.x86_64.rpm
94953089a0fc959164bb30c348422490 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.7.0-1.mbs1.x86_64.rpm
7a09be7047f1532f31133b84d133f1e6 mbs1/x86_64/asterisk-plugins-voicemail-plain-11.7.0-1.mbs1.x86_64.rpm
4521559e7590de0394bdc14894630e61 mbs1/x86_64/lib64asteriskssl1-11.7.0-1.mbs1.x86_64.rpm
aca304a80515ea6055a0611194b56b9e mbs1/SRPMS/asterisk-11.7.0-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStxvDmqjQ0CJFipgRApQbAJ0RCohXqEBU6WFm15z4QSn4kv1lNQCcCzKP
wSKh57L/hfYEaWr80+243nY=
=62Pj
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus