Debian Security Advisory

DSA-4292-1 kamailio -- security update

Date Reported:
11 Sep 2018
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 908324.
In Mitre's CVE dictionary: CVE-2018-16657.
More information:

Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.

For the stable distribution (stretch), this problem has been fixed in version 4.4.4-2+deb9u3.

We recommend that you upgrade your kamailio packages.

For the detailed security status of kamailio please refer to its security tracker page at: