Debian Security Advisory
DLA-1503-1 kamailio -- LTS security update
- Date Reported:
- 12 Sep 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-16657.
- More information:
It was discovered that there was a denial of service and a potential arbitrary code execution vulnerability in the kamailio SIP server.
A specially-crafted SIP message with an invalid
Viaheader could cause a segmentation fault and crash Kamailio due to missing input validation.
For Debian 8
Jessie, this issue has been fixed in kamailio version 4.2.0-2+deb8u5.
We recommend that you upgrade your kamailio packages.