14 Mar
2018
14 Mar
'18
4:30 p.m.
Hello,
I want to highlight that the last stable versions (for the latest 3 release series: 4.4, 5.0 and 5.1) include fixes for two issues that can crash a running instance of Kamailio, therefore it is strongly recommended to upgrade if you are using tmx or lcr modules.
Next week a CVE report is going to be created with more details about one of these issues.
The issues were reported privately, one by security researchers and one by a community member, and were fixed quickly. The code related to the reported issues is rather old (few years by now) and there are no known incidents of exploiting these issues so far. However, once the CVE report comes public, there could be a higher risk of exploitation.
Cheers, Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com