[Spce-user] Security Announcement related to kamailio
Daniel Grotti
dgrotti at sipwise.com
Mon Mar 19 08:16:31 EDT 2018
Dear SPCE users,
we would like to highlight that the last stable versions of kamailio
(for the latest 3release series: 4.4, 5.0 and 5.1) include fixes for two
issues that cancrash a running instance of Kamailio, therefore it is
strongly
recommended to upgrade the kamailio packages on your C5 systems.
A detailed description of the security issue is reported here: CVE link
not yet assigned.
The fix does not include any functional changes, so the call
functionality and features will remain intact.
1. SPCE releases affected
The following list shows you which SPCE supported releases are affected:
mr3.8.x -> fixed in mr3.8.12 with package version mr3.8.12.2
mr4.5.1 -> fixed with package version mr4.5.1.2
mr4.5.2 -> fixed with package version mr4.5.2.4
mr4.5.3 -> fixed with package version mr4.5.3.3
mr4.5.4 -> fixed with package version mr4.5.4.6
mr4.5.5 -> fixed with package version mr4.5.5.2
mr4.5.6 -> fixed with package version mr4.5.6.2
mr4.5.7 -> fixed with package version mr4.5.7.2
mr5.5.1 -> fixed with package version mr5.5.1.2
mr5.5.2 -> fixed with package version mr5.5.2.2
mr5.5.3 -> fixed with package version mr5.5.3.2
mr6.0.1 -> fixed with package version mr6.0.1.2
mr6.0.2 -> fixed with package version mr6.0.2.2
mr6.1.1 -> fixed with package version mr6.1.1.2
Releases older than mr3.8 are *NOT* supported anymore and will not be
hotfixed.
2. How to apply the security fix
Here you find the steps how install the security fix, depending on your
current release.
2.1 SPCE release older than mr3.8.12
If you are running a release mr3.8.x, with x less than 12, then you
should upgrade to mr3.8.12 in order to get the security fix.
You can follow the usual upgrade procedure described in the handbook:
[1] SPCE:
https://www.sipwise.com/doc/mr3.8.12/spce/ar01s03.html#_upgrade_from_previous_release
Even though the issue affecting mr3.8.x is not so critical, we recommend
to upgrade in any case to mr3.8.12.
2.2 SPCE release greater or equal to mr4.5.1
In this case the fix is provided as a hotfix, within your current release.
In order to install the fix you should upgrade your packages to the
latest hotfixes.
Best Regards,
--
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20180319/af8958b2/attachment.html>
More information about the Spce-user
mailing list