[ MDVSA-2015:206 ] asterisk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:206
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : asterisk
 Date    : April 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated asterisk packages fix security vulnerability:
 
 When Asterisk registers to a SIP TLS device and and verifies the
 server, Asterisk will accept signed certificates that match a common
 name other than the one Asterisk is expecting if the signed certificate
 has a common name containing a null byte after the portion of the
 common name that Asterisk expected (CVE-2015-3008).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008

Leave a Reply