16-0007-006

Security Bulletin for MiVoice Business
SECURITY BULLETIN ID: 16-0007-006
RELEASE VERSION: 1.0
DATE: 2016-03-07
SECURITY BULLETIN 16-0007-006 V1.0
OVERVIEW
This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 16-0007.
Visit http://www.mitel.com/security-advisories for more details.
MiVoice Business is affected by a DNS libresolv vulnerability in the glibc package provided by Mitel Standard Linux
(MSL) and distributed by RedHat Linux 6.3. (CVE-2015-7547)
APPLICABLE PRODUCTS
This security bulletin provides information on the following products:
PRODUCT NAME
VERSION(S)
AFFECTED
SOLUTION(S) AVAILABLE
6.0 and earlier
MSL Update
All versions using
RedHat Linux 6.3 *
Vendor update (See Solution Information)
1.2 and earlier
MSL Update
MiVoice Business for:
Industry Standard Server,
VMware Virtual Appliance
MiVoice Business for Stratus
MiVoice Business for Multi-instance
platform - Server Manager
* MiVB on Stratus supports RedHat Linux version 5.4 and 6.3. Version 5.4 is not affected by this vulnerability
RISK / EXPOSURE
The vulnerabiltiy is rated as having moderate risk.
CVSS V2.0 OVERALL SCORE:
6.8
CVSS V2.0 VECTOR:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS BASE SCORE:
6.8
CVSS TEMPORAL SCORE:
n/a
CVSS ENVIRONMENTAL SCORE:
n/a
OVERALL RISK LEVEL:
Moderate
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.
SECURITY BULLETIN 16-0007-006 V1.0
MITIGATION / WORKAROUNDS
Please refer to Mitel Standard Linux’s advisory or Redhat web site.
SOLUTION INFORMATION
New releases of MSL (10.1.49.0 and 10.3.38.0) are available with the updated glibc package, providing fixes for the
reported vulnerability. Customers should upgrade to MSL 10.1.49.0 and 10.3.38.0 as applicable. Please contact
Product Support for more information.
For sytems allowing the ability to update RedHat packages directly, please refer to the solution provided by Redhat
(https://access.redhat.com/articles/2161461) for RedHat 6.3.
Please contact Product Support for more information.
© Copyright 2016, Mitel Networks Corporation. All Rights Reserved.
The Mitel word and logo are trademarks of Mitel Networks Corporation.
Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of
these marks.
Similar pages