-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : asterisk
Date : April 27, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated asterisk packages fix security vulnerability:
When Asterisk registers to a SIP TLS device and and verifies the
server, Asterisk will accept signed certificates that match a common
name other than the one Asterisk is expecting if the signed certificate
has a common name containing a null byte after the portion of the
common name that Asterisk expected (CVE-2015-3008).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008