Security Bulletin for MiVoice Business

SECURITY BULLETIN ID: 16-0007-006
RELEASE VERSION: 1.0
DATE: 2016-03-07

SECURITY BULLETIN 16-0007-006 V1.0

OVERVIEW

This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 16-0007. Visit http://www.mitel.com/security-advisories for more details.

MiVoice Business is affected by a DNS libresolv vulnerability in the glibc package provided by Mitel Standard Linux (MSL) and distributed by RedHat Linux 6.3 (CVE-2015-7547).

APPLICABLE PRODUCTS

This security bulletin provides information on the following products:

PRODUCT NAME | VERSION(S) AFFECTED | SOLUTION(S) AVAILABLE
MiVoice Business for: Industry Standard Server, VMware Virtual Appliance | 6.0 and earlier | MSL Update
MiVoice Business for Stratus | All versions using RedHat Linux 6.3 * | Vendor update (See Solution Information)
MiVoice Business for Multi-instance platform - Server Manager | 1.2 and earlier | MSL Update

* MiVB on Stratus supports RedHat Linux versions 5.4 and 6.3. Version 5.4 is not affected by this vulnerability.

RISK / EXPOSURE

The vulnerability is rated as having moderate risk.

CVSS V2.0 OVERALL SCORE: 6.8
CVSS V2.0 VECTOR: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS BASE SCORE: 6.8
CVSS TEMPORAL SCORE: n/a
CVSS ENVIRONMENTAL SCORE: n/a
OVERALL RISK LEVEL: Moderate

MITIGATION / WORKAROUNDS

Please refer to Mitel Standard Linux’s advisory or the RedHat web site.

SOLUTION INFORMATION

New releases of MSL (10.1.49.0 and 10.3.38.0) are available with the updated glibc package, providing fixes for the reported vulnerability. Customers should upgrade to MSL 10.1.49.0 and 10.3.38.0 as applicable. Please contact Product Support for more information.

For systems that allow RedHat packages to be updated directly, please refer to the solution provided by RedHat (https://access.redhat.com/articles/2161461) for RedHat 6.3. Please contact Product Support for more information.

© Copyright 2016, Mitel Networks Corporation. All Rights Reserved. The Mitel word and logo are trademarks of Mitel Networks Corporation. Any reference to third party trademarks are for reference only and Mitel makes no representation of the ownership of these marks.