Security Information / 2018 / Security Information -- DSA-4292-1 kamailio

Debian Security Advisory

DSA-4292-1 kamailio -- security update

Date Reported:

11 Sep 2018

Affected Packages:

kamailio

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 908324.
In Mitre's CVE dictionary: CVE-2018-16657.

More information:

Henning Westerholt discovered a flaw related to the Via header processing in kamailio, a very fast, dynamic and configurable SIP server. An unauthenticated attacker can take advantage of this flaw to mount a denial of service attack via a specially crafted SIP message with an invalid Via header.

For the stable distribution (stretch), this problem has been fixed in version 4.4.4-2+deb9u3.

We recommend that you upgrade your kamailio packages.

For the detailed security status of kamailio please refer to its security tracker page at: https://security-tracker.debian.org/tracker/kamailio