[SECURITY] [DLA 1503-1] kamailio security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1503-1] kamailio security update
From: Chris Lamb <lamby@debian.org>
Date: Wed, 12 Sep 2018 11:43:20 +0100
Message-id: <[🔎] 1536749000.147432.1505401384.777B0280@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : kamailio
Version        : 4.2.0-2+deb8u5
CVE ID         : CVE-2018-16657
Debian Bug     : #908324

It was discovered that there was a denial of service and a potential
arbitrary code execution vulnerability in the kamailio SIP server.

A specially-crafted SIP message with an invalid "Via" header could cause a
segmentation fault and crash Kamailio due to missing input validation.

For Debian 8 "Jessie", this issue has been fixed in kamailio version
4.2.0-2+deb8u5.

We recommend that you upgrade your kamailio packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluY7XsACgkQHpU+J9Qx
Hlio4hAAp1aSCGFey+nsDuyxF5ai68qQfCGpQJnqlEFOzheBDETYm8/B3LUg6bAt
aqrcXnlCQKR198F12IFV2b9K0cJNLyUQt26Elk1qW7U2mrjQABXGGGA3BonxBdhS
PQnZorWmoc/taCGGULgTz2UK8OGXeRlYSRWEuGT0kDikRZENV/N6kKUyPHgCbJGG
IzUWJqSzS0csssEwkuPiQ+BhyH3Frwkpd4SfDQzpR5bPzYJpXXONPLCGRtwQTqUZ
AZVuyaGwtZEpJ2WyiIS04D8PVCKUapEASvR4BvaiKGevPrY5VjbfncyU/sKmkOk2
V7IrYdJmsQ2km+CB6edzvyZdmDh3zdbbPm02qpiklU8XC0UmAI44qypMgk/DexXm
Szti99CUR3+IRSv56ZQmk1w6alp3YmAgeqI6KodQGG3pkgGdkzmuaFObAsFYbOGz
5NUU0oHte+sRkmxv/wmchxTHeGm7GSOz7QBz4ST99jt5mFgK15vTMVHfd7eMCf3W
t/lhEEmFWCyZVHjo7YBxPLQ9NG9lLLkviZkVZ2qjVv4VpgYOoj3DSNfUkhj1dKHU
Vih9kx2/QE7sOPJiCoJBYbp84Nqy+wFGN3qhxcC+DOE/n0z05QiPZ3GGEH+PANbs
W0NfjMwG4FXIrjFmvo23ppoF82Ldh4lfTHg4wTKMLZosj0wlYhw=
=DGqt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1502-1] mgetty security update
Next by Date: [SECURITY] [DLA 1500-2] openssh regression update
Previous by thread: [SECURITY] [DLA 1502-1] mgetty security update
Next by thread: [SECURITY] [DLA 1500-2] openssh regression update
Index(es):
- Date
- Thread