Advisories ยป MGASA-2015-0153

Updated asterisk packages fix CVE-2015-3008

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3008

Description

Updated asterisk packages fix security vulnerability:

When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected (CVE-2015-3008).
                

References

SRPMS

4/core