[Spce-user] Security Announcement related to kamailio
Daniel Grotti
dgrotti at sipwise.com
Tue Mar 20 04:37:32 EDT 2018
Hi,
no, that's an upgrade.
mr5.5.2 -> mr5.5.3 it is done via upgrade procedure
mr5.5.2 -> mr5.5.2 latest hotfixes is done via apt-get update && apt-get
upgrade command. This will update your packages from mr5.5.2.X to
mr5.5.2.Y (latest).
Cheers,
--
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com
On 03/20/2018 09:26 AM, Hohl Matthias wrote:
>
> Hello Daniel,
>
> thanks for your answer.
>
> It was just a general question and not just one for hotfixing this
> specific problem.
>
> For example From 5.5.2.x to 5.5.3.x is this an upgrade process like
> descriped in the handbook, or is this also done with the “hotfix
> update” routine?
>
> Thanks again.
>
> *Von:*Daniel Grotti <dgrotti at sipwise.com>
> *Gesendet:* Montag, 19. März 2018 17:26
> *An:* Hohl Matthias <matthias.hohl at telematica.at>; 'Spce-user'
> <spce-user at lists.sipwise.com>
> *Cc:* spce-dev at lists.sipwise.com
> *Betreff:* Re: AW: [Spce-user] Security Announcement related to kamailio
>
> Hi Matthias,
> what you need to do is the:
>
> |# apt-get update && apt-get upgrade && ngcp-update-db-schema &&
> ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|
>
> |In the handbook is describe how to upgrade. But if you run release
> >+mr4.5.1 you do not need to upgrade, but just update to the latest
> hotfixes of your current release, which are mr5.5.2.x in your case.|
>
> |Cheers,|
>
> --
> Daniel Grotti
> Head of Customer Support
> Sipwise GmbH, Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
> Office: +43(0)130120332
> Email:dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
> Website:https://www.sipwise.com
>
> On 03/19/2018 05:21 PM, Hohl Matthias wrote:
>
> Hello,
>
> one short question, cause i can’t find the latest information
> about this in the handbook:
>
> an Hotfix patch update within a version number (5.5.2.x to
> 5.5.2.y) is done with that:
>
> |# apt-get update && apt-get upgrade && ngcp-update-db-schema &&
> ngcp-update-cfg-schema && ngcpcfg apply 'Hotfix Update'|
>
> ||
>
> For major (5.5.2 to 5.6.1) and minor release updating (5.5.2 to
> 5.5.3) it is done like descripted in the handbook, right?
>
> https://www.sipwise.org/doc/mr5.5.3/spce/ar01s14.html#_upgrade_from_previous_versions_to_mr5_5_3
>
> or is this for the minor release upgrade not needed?
>
> Thanks.
>
> *Von:*Spce-user <spce-user-bounces at lists.sipwise.com>
> <mailto:spce-user-bounces at lists.sipwise.com> *Im Auftrag von
> *Daniel Grotti
> *Gesendet:* Montag, 19. März 2018 13:17
> *An:* Spce-user <spce-user at lists.sipwise.com>
> <mailto:spce-user at lists.sipwise.com>
> *Cc:* spce-dev at lists.sipwise.com <mailto:spce-dev at lists.sipwise.com>
> *Betreff:* [Spce-user] Security Announcement related to kamailio
>
> Dear SPCE users,
> we would like to highlight that the last stable versions of
> kamailio (for the latest 3 release series: 4.4, 5.0 and 5.1)
> include fixes for two issues that can crash a running instance of
> Kamailio, therefore it is strongly
> recommended to upgrade the kamailio packages on your C5 systems.
>
> A detailed description of the security issue is reported here: CVE
> link not yet assigned.
> The fix does not include any functional changes, so the call
> functionality and features will remain intact.
>
>
> 1. SPCE releases affected
> The following list shows you which SPCE supported releases are
> affected:
>
>
> mr3.8.x -> fixed in mr3.8.12 with package version mr3.8.12.2
> mr4.5.1 -> fixed with package version mr4.5.1.2
> mr4.5.2 -> fixed with package version mr4.5.2.4
> mr4.5.3 -> fixed with package version mr4.5.3.3
> mr4.5.4 -> fixed with package version mr4.5.4.6
> mr4.5.5 -> fixed with package version mr4.5.5.2
> mr4.5.6 -> fixed with package version mr4.5.6.2
> mr4.5.7 -> fixed with package version mr4.5.7.2
> mr5.5.1 -> fixed with package version mr5.5.1.2
> mr5.5.2 -> fixed with package version mr5.5.2.2
> mr5.5.3 -> fixed with package version mr5.5.3.2
> mr6.0.1 -> fixed with package version mr6.0.1.2
> mr6.0.2 -> fixed with package version mr6.0.2.2
> mr6.1.1 -> fixed with package version mr6.1.1.2
>
>
> Releases older than mr3.8 are *NOT* supported anymore and will not
> be hotfixed.
>
>
>
> 2. How to apply the security fix
> Here you find the steps how install the security fix, depending on
> your current release.
>
> 2.1 SPCE release older than mr3.8.12
> If you are running a release mr3.8.x, with x less than 12, then
> you should upgrade to mr3.8.12 in order to get the security fix.
> You can follow the usual upgrade procedure described in the handbook:
>
> [1] SPCE:
> https://www.sipwise.com/doc/mr3.8.12/spce/ar01s03.html#_upgrade_from_previous_release
>
>
> Even though the issue affecting mr3.8.x is not so critical, we
> recommend to upgrade in any case to mr3.8.12.
>
>
> 2.2 SPCE release greater or equal to mr4.5.1
> In this case the fix is provided as a hotfix, within your current
> release.
> In order to install the fix you should upgrade your packages to
> the latest hotfixes.
>
>
> Best Regards,
>
>
>
> --
>
> Daniel Grotti
>
> Head of Customer Support
>
> Sipwise GmbH, Campus 21/Europaring F15
>
> AT-2345 Brunn am Gebirge
>
>
>
> Office: +43(0)130120332
>
> Email:dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
>
> Website:https://www.sipwise.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20180320/a6f7afcb/attachment-0001.html>
More information about the Spce-user
mailing list