type: security
subject: Updated asterisk package fixes security vulnerabilities
CVE:
 - CVE-2013-5641
 - CVE-2013-5642
src:
  3:
   core:
     - asterisk-11.5.1-1.mga3
description: |
  A remotely exploitable crash vulnerability exists in the SIP channel
  driver if an ACK with SDP is received after the channel has been
  terminated. The handling code incorrectly assumes that the channel
  will always be present (CVE-2013-5641).
  
  A remotely exploitable crash vulnerability exists in the SIP channel
  driver if an invalid SDP is sent in a SIP request that defines media
  descriptions   before connection information. The handling code
  incorrectly attempts to reference the socket address information even
  though that information has not yet been set (CVE-2013-5642).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=11094
 - http://downloads.asterisk.org/pub/security/AST-2013-004.html
 - http://downloads.asterisk.org/pub/security/AST-2013-005.html