Package name
asterisk
Date
2014-07-11
Advisory ID
MDVSA-2014:138
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in asterisk:

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and
Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated
Manager users to execute arbitrary shell commands via a MixMonitor
action (CVE-2014-4046).

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and
12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6
and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of
service (connection consumption) via a large number of (1) inactive or
(2) incomplete HTTP connections (CVE-2014-4047).

The updated packages has been upgraded to the 11.11.0 version which
is not vulnerable to these issues.

Updated packages

MBS1 x86_64

 e937dd2a5d9f6a67df27e4dd6454398f  mbs1/x86_64/asterisk-11.11.0-1.mbs1.x86_64.rpm
 a85725b66368b25457533a4c3e877055  mbs1/x86_64/asterisk-addons-11.11.0-1.mbs1.x86_64.rpm
 ffdc1c8d1f292326e777200506b29f94  mbs1/x86_64/asterisk-devel-11.11.0-1.mbs1.x86_64.rpm
 1b4fe1e6f4cfc0405cd9f43bc942ed91  mbs1/x86_64/asterisk-firmware-11.11.0-1.mbs1.x86_64.rpm
 f594da1396d28e51c6d784fb468f618a  mbs1/x86_64/asterisk-gui-11.11.0-1.mbs1.x86_64.rpm
 171e3ff869f721589b7a48b0081c6afc  mbs1/x86_64/asterisk-plugins-alsa-11.11.0-1.mbs1.x86_64.rpm
 1f48820459d336ae4dd483c2a6576227  mbs1/x86_64/asterisk-plugins-calendar-11.11.0-1.mbs1.x86_64.rpm
 7b882ebbbc3417bf322b9234c623f781  mbs1/x86_64/asterisk-plugins-cel-11.11.0-1.mbs1.x86_64.rpm
 d7ce1a6e8eba5895fb08803c372eb285  mbs1/x86_64/asterisk-plugins-corosync-11.11.0-1.mbs1.x86_64.rpm
 c12c986e12a9ae1acefd1353f1c1c2da  mbs1/x86_64/asterisk-plugins-curl-11.11.0-1.mbs1.x86_64.rpm
 9afd8b3c8eb7f5f8a0575b49e25cf6b8  mbs1/x86_64/asterisk-plugins-dahdi-11.11.0-1.mbs1.x86_64.rpm
 945fbfc96c1c86eea0f6748e23793bdf  mbs1/x86_64/asterisk-plugins-fax-11.11.0-1.mbs1.x86_64.rpm
 65be6c1cda3dcf1c5a6b2522a88ce61e  mbs1/x86_64/asterisk-plugins-festival-11.11.0-1.mbs1.x86_64.rpm
 ca4d24b7d09bb0dd8f09fbd57c4e2e49  mbs1/x86_64/asterisk-plugins-ices-11.11.0-1.mbs1.x86_64.rpm
 871cbd9c538462b999ea0ab4e706ecda  mbs1/x86_64/asterisk-plugins-jabber-11.11.0-1.mbs1.x86_64.rpm
 1c267d79e68ec6e6a446088dc213721b  mbs1/x86_64/asterisk-plugins-jack-11.11.0-1.mbs1.x86_64.rpm
 3a67da30600e5d3990b78160e067160f  mbs1/x86_64/asterisk-plugins-ldap-11.11.0-1.mbs1.x86_64.rpm
 12cd5d29582b4b876136a1cfa61002c6  mbs1/x86_64/asterisk-plugins-lua-11.11.0-1.mbs1.x86_64.rpm
 15c973274e70c0fe71e56d92b43f8f71  mbs1/x86_64/asterisk-plugins-minivm-11.11.0-1.mbs1.x86_64.rpm
 a83fcc142030a10ff5c4bb88cb105214  mbs1/x86_64/asterisk-plugins-mobile-11.11.0-1.mbs1.x86_64.rpm
 a72a75d828dbfca4eeedb7435bdc63e6  mbs1/x86_64/asterisk-plugins-mp3-11.11.0-1.mbs1.x86_64.rpm
 d96a752e43350807ac4ff68b7466502c  mbs1/x86_64/asterisk-plugins-mysql-11.11.0-1.mbs1.x86_64.rpm
 4879f8e873b4ac4e422edc659cabadd3  mbs1/x86_64/asterisk-plugins-ooh323-11.11.0-1.mbs1.x86_64.rpm
 2a92bc419c61f00040c318d237145cf1  mbs1/x86_64/asterisk-plugins-osp-11.11.0-1.mbs1.x86_64.rpm
 856119d1c534646d70bada4e47a3bbdb  mbs1/x86_64/asterisk-plugins-oss-11.11.0-1.mbs1.x86_64.rpm
 e30513f32093f40e53cc4cddc4b5d3ad  mbs1/x86_64/asterisk-plugins-pgsql-11.11.0-1.mbs1.x86_64.rpm
 8474c401e4a99e2ec78fed586ea29df7  mbs1/x86_64/asterisk-plugins-pktccops-11.11.0-1.mbs1.x86_64.rpm
 e81f8d782fc2b8b5cc46af2f74fc0f22  mbs1/x86_64/asterisk-plugins-portaudio-11.11.0-1.mbs1.x86_64.rpm
 e0b4ec334a8d767854491a3c60b45f6f  mbs1/x86_64/asterisk-plugins-radius-11.11.0-1.mbs1.x86_64.rpm
 617c199316459e7cbda7967f08216672  mbs1/x86_64/asterisk-plugins-saycountpl-11.11.0-1.mbs1.x86_64.rpm
 dde610fd41678c059933ccb323a250cd  mbs1/x86_64/asterisk-plugins-skinny-11.11.0-1.mbs1.x86_64.rpm
 d4f765ec860ebdf55dbb518efd2b845c  mbs1/x86_64/asterisk-plugins-snmp-11.11.0-1.mbs1.x86_64.rpm
 e31ed77900b96e46f9c2a42f0513187b  mbs1/x86_64/asterisk-plugins-speex-11.11.0-1.mbs1.x86_64.rpm
 3fdbeb88ba4e98996da0c9d81ebea36b  mbs1/x86_64/asterisk-plugins-sqlite-11.11.0-1.mbs1.x86_64.rpm
 350710fb047822f4c324b5ea59e8d739  mbs1/x86_64/asterisk-plugins-tds-11.11.0-1.mbs1.x86_64.rpm
 81dcd84e21f072233117a229ea3bc562  mbs1/x86_64/asterisk-plugins-unistim-11.11.0-1.mbs1.x86_64.rpm
 2b101c552b57f690a446df8113390704  mbs1/x86_64/asterisk-plugins-voicemail-11.11.0-1.mbs1.x86_64.rpm
 dd8c065364100baf3b96e934e20bfefc  mbs1/x86_64/asterisk-plugins-voicemail-imap-11.11.0-1.mbs1.x86_64.rpm
 85f0f40e43c629c88a29ccdd20c71b38  mbs1/x86_64/asterisk-plugins-voicemail-plain-11.11.0-1.mbs1.x86_64.rpm
 e9ae8fa821f0eeacf8eb22e2930a2ac3  mbs1/x86_64/lib64asteriskssl1-11.11.0-1.mbs1.x86_64.rpm 
 9a59a28dedab183fc986073f01f1349f  mbs1/SRPMS/asterisk-11.11.0-1.mbs1.src.rpm

References