[Spce-user] Security Announcement related to kamailio

Daniel Grotti dgrotti at sipwise.com
Tue Mar 20 04:37:32 EDT 2018


Hi,
no, that's an upgrade.
mr5.5.2 -> mr5.5.3 it is done via upgrade procedure
mr5.5.2 -> mr5.5.2 latest hotfixes is done via apt-get update && apt-get 
upgrade command. This will update your packages from mr5.5.2.X to 
mr5.5.2.Y (latest).

Cheers,


-- 
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

On 03/20/2018 09:26 AM, Hohl Matthias wrote:
>
> Hello Daniel,
>
> thanks for your answer.
>
> It was just a general question and not just one for hotfixing this 
> specific problem.
>
> For example From 5.5.2.x to 5.5.3.x is this an upgrade process like 
> descriped in the handbook, or is this also done with the “hotfix 
> update” routine?
>
> Thanks again.
>
> *Von:*Daniel Grotti <dgrotti at sipwise.com>
> *Gesendet:* Montag, 19. März 2018 17:26
> *An:* Hohl Matthias <matthias.hohl at telematica.at>; 'Spce-user' 
> <spce-user at lists.sipwise.com>
> *Cc:* spce-dev at lists.sipwise.com
> *Betreff:* Re: AW: [Spce-user] Security Announcement related to kamailio
>
> Hi Matthias,
> what you need to do is the:
>
> |# apt-get update && apt-get upgrade && ngcp-update-db-schema && 
> ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|
>
> |In the handbook is describe how to upgrade. But if you run release 
> >+mr4.5.1 you do not need to upgrade, but just update to the latest 
> hotfixes of your current release, which are mr5.5.2.x in your case.|
>
> |Cheers,|
>
> -- 
> Daniel Grotti
> Head of Customer Support
> Sipwise GmbH, Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
> Office: +43(0)130120332
> Email:dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
> Website:https://www.sipwise.com
>
> On 03/19/2018 05:21 PM, Hohl Matthias wrote:
>
>     Hello,
>
>     one short question, cause i can’t find the latest information
>     about this in the handbook:
>
>     an Hotfix patch update within a version number (5.5.2.x to
>     5.5.2.y) is done with that:
>
>     |# apt-get update && apt-get upgrade && ngcp-update-db-schema &&
>     ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|
>
>     ||
>
>     For major (5.5.2 to 5.6.1) and minor release updating (5.5.2 to
>     5.5.3) it is done like descripted in the handbook, right?
>
>     https://www.sipwise.org/doc/mr5.5.3/spce/ar01s14.html#_upgrade_from_previous_versions_to_mr5_5_3
>
>     or is this for the minor release upgrade not needed?
>
>     Thanks.
>
>     *Von:*Spce-user <spce-user-bounces at lists.sipwise.com>
>     <mailto:spce-user-bounces at lists.sipwise.com> *Im Auftrag von
>     *Daniel Grotti
>     *Gesendet:* Montag, 19. März 2018 13:17
>     *An:* Spce-user <spce-user at lists.sipwise.com>
>     <mailto:spce-user at lists.sipwise.com>
>     *Cc:* spce-dev at lists.sipwise.com <mailto:spce-dev at lists.sipwise.com>
>     *Betreff:* [Spce-user] Security Announcement related to kamailio
>
>     Dear SPCE users,
>     we would like to highlight that the last stable versions of
>     kamailio (for the latest 3 release series: 4.4, 5.0 and 5.1)
>     include fixes for two issues that can crash a running instance of
>     Kamailio, therefore it is strongly
>     recommended to upgrade the kamailio packages on your C5 systems.
>
>     A detailed description of the security issue is reported here: CVE
>     link not yet assigned.
>     The fix does not include any functional changes, so the call
>     functionality and features will remain intact.
>
>
>     1. SPCE releases affected
>     The following list shows you which SPCE supported releases are
>     affected:
>
>
>     mr3.8.x  -> fixed in mr3.8.12 with package version mr3.8.12.2
>     mr4.5.1  -> fixed with package version mr4.5.1.2
>     mr4.5.2  -> fixed with package version mr4.5.2.4
>     mr4.5.3  -> fixed with package version mr4.5.3.3
>     mr4.5.4  -> fixed with package version mr4.5.4.6
>     mr4.5.5  -> fixed with package version mr4.5.5.2
>     mr4.5.6  -> fixed with package version mr4.5.6.2
>     mr4.5.7  -> fixed with package version mr4.5.7.2
>     mr5.5.1  -> fixed with package version mr5.5.1.2
>     mr5.5.2  -> fixed with package version mr5.5.2.2
>     mr5.5.3  -> fixed with package version mr5.5.3.2
>     mr6.0.1  -> fixed with package version mr6.0.1.2
>     mr6.0.2  -> fixed with package version mr6.0.2.2
>     mr6.1.1  -> fixed with package version mr6.1.1.2
>
>
>     Releases older than mr3.8 are *NOT* supported anymore and will not
>     be hotfixed.
>
>
>
>     2. How to apply the security fix
>     Here you find the steps how install the security fix, depending on
>     your current release.
>
>     2.1 SPCE release older than mr3.8.12
>     If you are running a release mr3.8.x, with x less than 12, then
>     you should upgrade to mr3.8.12 in order to get the security fix.
>     You can follow the usual upgrade procedure described in the handbook:
>
>       [1] SPCE:
>     https://www.sipwise.com/doc/mr3.8.12/spce/ar01s03.html#_upgrade_from_previous_release
>
>
>     Even though the issue affecting mr3.8.x is not so critical, we
>     recommend to upgrade in any case to mr3.8.12.
>
>
>     2.2 SPCE release greater or equal to mr4.5.1
>     In this case the fix is provided as a hotfix, within your current
>     release.
>     In order to install the fix you should upgrade your packages to
>     the latest hotfixes.
>
>
>     Best Regards,
>
>
>
>     -- 
>
>     Daniel Grotti
>
>     Head of Customer Support
>
>     Sipwise GmbH, Campus 21/Europaring F15
>
>     AT-2345 Brunn am Gebirge
>
>       
>
>     Office: +43(0)130120332
>
>     Email:dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
>
>     Website:https://www.sipwise.com
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20180320/a6f7afcb/attachment-0001.html>


More information about the Spce-user mailing list