Bug 1154894

Summary: asterisk vulnerable to CVE-2014-3566/POODLE (AST-2014-011)
Product: [Fedora] Fedora Reporter: Murray McAllister <mmcallis>
Component: asteriskAssignee: Jeffrey C. Ollie <jeff>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: itamar, jeff, lmadsen, rbryant, vdanen
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: asterisk-11.13.1-1.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1154895 (view as bug list) Environment:
Last Closed: 2014-11-01 01:32:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1152789, 1154895    

Description Murray McAllister 2014-10-21 01:18:09 UTC 
The AST-2014-011 advisory provides the following:

""
Asterisk has been patched such that it no longer uses SSLv3 for the res_jabber/res_xmpp modules. Additionally, when the encryption method is not specified, the default handling in the TLS core no longer allows for a fallback to SSLv3 or SSLv2
""

References:

http://downloads.asterisk.org/pub/security/AST-2014-011.html
https://bugzilla.redhat.com/show_bug.cgi?id=1152789
Comment 1 Fedora Update System 2014-10-21 06:10:10 UTC 
asterisk-11.13.1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/asterisk-11.13.1-1.fc20
Comment 2 Fedora Update System 2014-10-21 06:11:15 UTC 
asterisk-11.13.1-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/asterisk-11.13.1-1.fc19
Comment 3 Fedora Update System 2014-10-21 06:12:22 UTC 
asterisk-11.13.1-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/asterisk-11.13.1-1.fc21
Comment 4 Fedora Update System 2014-10-21 10:27:43 UTC 
Package asterisk-11.13.1-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing asterisk-11.13.1-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-13360/asterisk-11.13.1-1.fc19
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2014-11-01 01:32:26 UTC 
asterisk-11.13.1-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2014-11-01 01:41:44 UTC 
asterisk-11.13.1-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2014-11-01 16:38:13 UTC 
asterisk-11.13.1-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Vincent Danen 2014-11-12 14:41:46 UTC 
*** Bug 1160852 has been marked as a duplicate of this bug. ***