Bug 1154895

Summary: asterisk vulnerable to CVE-2014-3566/POODLE (AST-2014-011)
Product: [Fedora] Fedora EPEL Reporter: Murray McAllister <mmcallis>
Component: asteriskAssignee: Jeffrey C. Ollie <jeff>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el6CC: extras-qa, itamar, jdisnard, jeff, lmadsen, rbryant, vdanen
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: asterisk-1.8.32.1-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1154894 Environment:
Last Closed: 2014-11-24 21:20:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1154894    
Bug Blocks: 1152789    

Description Murray McAllister 2014-10-21 01:18:47 UTC 
+++ This bug was initially created as a clone of Bug #1154894 +++

The AST-2014-011 advisory provides the following:

""
Asterisk has been patched such that it no longer uses SSLv3 for the res_jabber/res_xmpp modules. Additionally, when the encryption method is not specified, the default handling in the TLS core no longer allows for a fallback to SSLv3 or SSLv2
""

References:

http://downloads.asterisk.org/pub/security/AST-2014-011.html
https://bugzilla.redhat.com/show_bug.cgi?id=1152789
Comment 1 Fedora Update System 2014-10-21 19:29:38 UTC 
asterisk-1.8.31.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.31.1-1.el6
Comment 2 Fedora Update System 2014-10-22 18:43:19 UTC 
Package asterisk-1.8.31.1-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing asterisk-1.8.31.1-1.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3527/asterisk-1.8.31.1-1.el6
then log in and leave karma (feedback).
Comment 3 Vincent Danen 2014-11-12 14:43:07 UTC 
*** Bug 1160853 has been marked as a duplicate of this bug. ***
Comment 4 Fedora Update System 2014-11-22 14:33:32 UTC 
asterisk-1.8.32.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/asterisk-1.8.32.1-1.el6
Comment 5 Fedora Update System 2014-11-24 21:20:36 UTC 
asterisk-1.8.31.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2014-12-11 06:32:43 UTC 
asterisk-1.8.32.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.