[Spce-user] Security Announcement related to kamailio
dgrotti at sipwise.com
Wed Mar 21 07:26:24 EDT 2018
please find here the official CVE from debian:
Head of Customer Support
Sipwise GmbH, Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Email: dgrotti at sipwise.com
On 03/19/2018 01:16 PM, Daniel Grotti wrote:
> Dear SPCE users,
> we would like to highlight that the last stable versions of kamailio
> (for the latest 3release series: 4.4, 5.0 and 5.1) include fixes for
> two issues that cancrash a running instance of Kamailio, therefore it
> is strongly
> recommended to upgrade the kamailio packages on your C5 systems.
> A detailed description of the security issue is reported here: CVE
> link not yet assigned.
> The fix does not include any functional changes, so the call
> functionality and features will remain intact.
> 1. SPCE releases affected
> The following list shows you which SPCE supported releases are affected:
> mr3.8.x -> fixed in mr3.8.12 with package version mr220.127.116.11
> mr4.5.1 -> fixed with package version mr18.104.22.168
> mr4.5.2 -> fixed with package version mr22.214.171.124
> mr4.5.3 -> fixed with package version mr126.96.36.199
> mr4.5.4 -> fixed with package version mr188.8.131.52
> mr4.5.5 -> fixed with package version mr184.108.40.206
> mr4.5.6 -> fixed with package version mr220.127.116.11
> mr4.5.7 -> fixed with package version mr18.104.22.168
> mr5.5.1 -> fixed with package version mr22.214.171.124
> mr5.5.2 -> fixed with package version mr126.96.36.199
> mr5.5.3 -> fixed with package version mr188.8.131.52
> mr6.0.1 -> fixed with package version mr184.108.40.206
> mr6.0.2 -> fixed with package version mr220.127.116.11
> mr6.1.1 -> fixed with package version mr18.104.22.168
> Releases older than mr3.8 are *NOT* supported anymore and will not be
> 2. How to apply the security fix
> Here you find the steps how install the security fix, depending on
> your current release.
> 2.1 SPCE release older than mr3.8.12
> If you are running a release mr3.8.x, with x less than 12, then you
> should upgrade to mr3.8.12 in order to get the security fix.
> You can follow the usual upgrade procedure described in the handbook:
>  SPCE:
> Even though the issue affecting mr3.8.x is not so critical, we
> recommend to upgrade in any case to mr3.8.12.
> 2.2 SPCE release greater or equal to mr4.5.1
> In this case the fix is provided as a hotfix, within your current release.
> In order to install the fix you should upgrade your packages to the
> latest hotfixes.
> Best Regards,
> Daniel Grotti
> Head of Customer Support
> Sipwise GmbH, Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
> Office: +43(0)130120332
> Email:dgrotti at sipwise.com
> Spce-user mailing list
> Spce-user at lists.sipwise.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Spce-user