Product Bulletin: ScopServ Vulnerability CVE-2014-1691 January 26, 2015

Scope:
ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691.

Description:
Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing to load and execute code.

Required Action:
In order to protect a ScopTEL installation from this vulnerability you must update to scopserv-5.0.0-2 scopserv-core-5.1.0.8.20150126-1 scopserv-framework-5.0.0.7.20150126-1 and meet all other dependencies including php-pecl-json-1.2.1-5

Immediate Recommendations:
It is highly recommended to perform a full update on each ScopServ, ScopTEL installation in order to simplify the upgrade procedure and also ensure all dependencies are met.
It is also highly recommended to reboot your server after the updates in order to ensure all services and scripts and have been updated.
From the Linux shell execute (without quotations) ‘scopserv_yum update’
And after the updates are completed execute (without quotations) ‘reboot’