[Spce-user] Security Announcement related to kamailio

Daniel Grotti dgrotti at sipwise.com
Mon Mar 19 08:16:31 EDT 2018

Dear SPCE users,
we would like to highlight that the last stable versions of kamailio 
(for the latest 3release series: 4.4, 5.0 and 5.1) include fixes for two 
issues that cancrash a running instance of Kamailio, therefore it is 
recommended to upgrade the kamailio packages on your C5 systems.

A detailed description of the security issue is reported here: CVE link 
not yet assigned.
The fix does not include any functional changes, so the call 
functionality and features will remain intact.

1. SPCE releases affected
The following list shows you which SPCE supported releases are affected:

mr3.8.x  -> fixed in mr3.8.12 with package version mr3.8.12.2
mr4.5.1  -> fixed with package version mr4.5.1.2
mr4.5.2  -> fixed with package version mr4.5.2.4
mr4.5.3  -> fixed with package version mr4.5.3.3
mr4.5.4  -> fixed with package version mr4.5.4.6
mr4.5.5  -> fixed with package version mr4.5.5.2
mr4.5.6  -> fixed with package version mr4.5.6.2
mr4.5.7  -> fixed with package version mr4.5.7.2
mr5.5.1  -> fixed with package version mr5.5.1.2
mr5.5.2  -> fixed with package version mr5.5.2.2
mr5.5.3  -> fixed with package version mr5.5.3.2
mr6.0.1  -> fixed with package version mr6.0.1.2
mr6.0.2  -> fixed with package version mr6.0.2.2
mr6.1.1  -> fixed with package version mr6.1.1.2

Releases older than mr3.8 are *NOT* supported anymore and will not be 

2. How to apply the security fix
Here you find the steps how install the security fix, depending on your 
current release.

2.1 SPCE release older than mr3.8.12
If you are running a release mr3.8.x, with x less than 12, then you 
should upgrade to mr3.8.12 in order to get the security fix.
You can follow the usual upgrade procedure described in the handbook:

   [1] SPCE: 

Even though the issue affecting mr3.8.x is not so critical, we recommend 
to upgrade in any case to mr3.8.12.

2.2 SPCE release greater or equal to mr4.5.1
In this case the fix is provided as a hotfix, within your current release.
In order to install the fix you should upgrade your packages to the 
latest hotfixes.

Best Regards,

Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20180319/af8958b2/attachment.html>

More information about the Spce-user mailing list