[Spce-user] Security Announcement related to kamailio

Daniel Grotti dgrotti at sipwise.com
Mon Mar 19 12:26:05 EDT 2018


Hi Matthias,
what you need to do is the:

|# apt-get update && apt-get upgrade && ngcp-update-db-schema && 
ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|

|
|

|
|

|In the handbook is describe how to upgrade. But if you run release 
 >+mr4.5.1 you do not need to upgrade, but just update to the latest 
hotfixes of your current release, which are mr5.5.2.x in your case.|

|
|

|Cheers,|

|
|

|
|

-- 
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

On 03/19/2018 05:21 PM, Hohl Matthias wrote:
>
> Hello,
>
> one short question, cause i can’t find the latest information about 
> this in the handbook:
>
> an Hotfix patch update within a version number (5.5.2.x to 5.5.2.y) is 
> done with that:
>
> |# apt-get update && apt-get upgrade && ngcp-update-db-schema && 
> ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|
>
> ||
>
> For major (5.5.2 to 5.6.1) and minor release updating (5.5.2 to 5.5.3) 
> it is done like descripted in the handbook, right?
>
> https://www.sipwise.org/doc/mr5.5.3/spce/ar01s14.html#_upgrade_from_previous_versions_to_mr5_5_3
>
> or is this for the minor release upgrade not needed?
>
> Thanks.
>
> *Von:*Spce-user <spce-user-bounces at lists.sipwise.com> *Im Auftrag von 
> *Daniel Grotti
> *Gesendet:* Montag, 19. März 2018 13:17
> *An:* Spce-user <spce-user at lists.sipwise.com>
> *Cc:* spce-dev at lists.sipwise.com
> *Betreff:* [Spce-user] Security Announcement related to kamailio
>
> Dear SPCE users,
> we would like to highlight that the last stable versions of kamailio 
> (for the latest 3 release series: 4.4, 5.0 and 5.1) include fixes for 
> two issues that can crash a running instance of Kamailio, therefore it 
> is strongly
> recommended to upgrade the kamailio packages on your C5 systems.
>
> A detailed description of the security issue is reported here: CVE 
> link not yet assigned.
> The fix does not include any functional changes, so the call 
> functionality and features will remain intact.
>
>
> 1. SPCE releases affected
> The following list shows you which SPCE supported releases are affected:
>
>
> mr3.8.x  -> fixed in mr3.8.12 with package version mr3.8.12.2
> mr4.5.1  -> fixed with package version mr4.5.1.2
> mr4.5.2  -> fixed with package version mr4.5.2.4
> mr4.5.3  -> fixed with package version mr4.5.3.3
> mr4.5.4  -> fixed with package version mr4.5.4.6
> mr4.5.5  -> fixed with package version mr4.5.5.2
> mr4.5.6  -> fixed with package version mr4.5.6.2
> mr4.5.7  -> fixed with package version mr4.5.7.2
> mr5.5.1  -> fixed with package version mr5.5.1.2
> mr5.5.2  -> fixed with package version mr5.5.2.2
> mr5.5.3  -> fixed with package version mr5.5.3.2
> mr6.0.1  -> fixed with package version mr6.0.1.2
> mr6.0.2  -> fixed with package version mr6.0.2.2
> mr6.1.1  -> fixed with package version mr6.1.1.2
>
>
> Releases older than mr3.8 are *NOT* supported anymore and will not be 
> hotfixed.
>
>
>
> 2. How to apply the security fix
> Here you find the steps how install the security fix, depending on 
> your current release.
>
> 2.1 SPCE release older than mr3.8.12
> If you are running a release mr3.8.x, with x less than 12, then you 
> should upgrade to mr3.8.12 in order to get the security fix.
> You can follow the usual upgrade procedure described in the handbook:
>
>   [1] SPCE: 
> https://www.sipwise.com/doc/mr3.8.12/spce/ar01s03.html#_upgrade_from_previous_release
>
>
> Even though the issue affecting mr3.8.x is not so critical, we 
> recommend to upgrade in any case to mr3.8.12.
>
>
> 2.2 SPCE release greater or equal to mr4.5.1
> In this case the fix is provided as a hotfix, within your current release.
> In order to install the fix you should upgrade your packages to the 
> latest hotfixes.
>
>
> Best Regards,
>
>
> -- 
> Daniel Grotti
> Head of Customer Support
> Sipwise GmbH, Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
> Office: +43(0)130120332
> Email:dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
> Website:https://www.sipwise.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20180319/f342642e/attachment-0001.html>


More information about the Spce-user mailing list