Debian Security Advisory
DSA-4292-1 kamailio -- security update
- Date Reported:
- 11 Sep 2018
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 908324.
In Mitre's CVE dictionary: CVE-2018-16657.
- More information:
Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.
For the stable distribution (stretch), this problem has been fixed in version 4.4.4-2+deb9u3.
We recommend that you upgrade your kamailio packages.
For the detailed security status of kamailio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/kamailio