[Spce-user] Security Announcement related to kamailio

Daniel Grotti dgrotti at sipwise.com
Wed Mar 21 07:26:24 EDT 2018


Hi all,
please find here the official CVE from debian: 
*https://security-tracker.debian.org/tracker/CVE-2018-8828


*

-- 
Daniel Grotti
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Office: +43(0)130120332
Email: dgrotti at sipwise.com
Website: https://www.sipwise.com

On 03/19/2018 01:16 PM, Daniel Grotti wrote:
> Dear SPCE users,
> we would like to highlight that the last stable versions of kamailio 
> (for the latest 3release series: 4.4, 5.0 and 5.1) include fixes for 
> two issues that cancrash a running instance of Kamailio, therefore it 
> is strongly
> recommended to upgrade the kamailio packages on your C5 systems.
>
> A detailed description of the security issue is reported here: CVE 
> link not yet assigned.
> The fix does not include any functional changes, so the call 
> functionality and features will remain intact.
>
>
> 1. SPCE releases affected
> The following list shows you which SPCE supported releases are affected:
>
>
> mr3.8.x  -> fixed in mr3.8.12 with package version mr3.8.12.2
> mr4.5.1  -> fixed with package version mr4.5.1.2
> mr4.5.2  -> fixed with package version mr4.5.2.4
> mr4.5.3  -> fixed with package version mr4.5.3.3
> mr4.5.4  -> fixed with package version mr4.5.4.6
> mr4.5.5  -> fixed with package version mr4.5.5.2
> mr4.5.6  -> fixed with package version mr4.5.6.2
> mr4.5.7  -> fixed with package version mr4.5.7.2
> mr5.5.1  -> fixed with package version mr5.5.1.2
> mr5.5.2  -> fixed with package version mr5.5.2.2
> mr5.5.3  -> fixed with package version mr5.5.3.2
> mr6.0.1  -> fixed with package version mr6.0.1.2
> mr6.0.2  -> fixed with package version mr6.0.2.2
> mr6.1.1  -> fixed with package version mr6.1.1.2
>
>
> Releases older than mr3.8 are *NOT* supported anymore and will not be 
> hotfixed.
>
>
>
> 2. How to apply the security fix
> Here you find the steps how install the security fix, depending on 
> your current release.
>
> 2.1 SPCE release older than mr3.8.12
> If you are running a release mr3.8.x, with x less than 12, then you 
> should upgrade to mr3.8.12 in order to get the security fix.
> You can follow the usual upgrade procedure described in the handbook:
>
>   [1] SPCE: 
> https://www.sipwise.com/doc/mr3.8.12/spce/ar01s03.html#_upgrade_from_previous_release
>
>
> Even though the issue affecting mr3.8.x is not so critical, we 
> recommend to upgrade in any case to mr3.8.12.
>
>
> 2.2 SPCE release greater or equal to mr4.5.1
> In this case the fix is provided as a hotfix, within your current release.
> In order to install the fix you should upgrade your packages to the 
> latest hotfixes.
>
>
> Best Regards,
>
> -- 
> Daniel Grotti
> Head of Customer Support
> Sipwise GmbH, Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
>
> Office: +43(0)130120332
> Email:dgrotti at sipwise.com
> Website:https://www.sipwise.com
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20180321/5d5bb6b7/attachment-0001.html>


More information about the Spce-user mailing list