MGASA-2015-0153
- Source
- https://advisories.mageia.org/MGASA-2015-0153.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0153.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0153
- Related
- Published
- 2015-04-15T09:01:28Z
- Modified
- 2015-04-15T08:49:57Z
- Summary
- Updated asterisk packages fix CVE-2015-3008
- Details
-
Updated asterisk packages fix security vulnerability:
When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected (CVE-2015-3008).
- References
-
- https://advisories.mageia.org/MGASA-2015-0153.html
- https://bugs.mageia.org/show_bug.cgi?id=15674
- http://downloads.asterisk.org/pub/security/AST-2015-003.html
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
- http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.17.1-summary.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:rpm/mageia/asterisk?arch=source&distro=mageia-4