[sr-dev] INFO: Relevant fixes in the last releases
Daniel-Constantin Mierla
miconda at gmail.com
Wed Mar 14 17:30:23 CET 2018
Hello,
I want to highlight that the last stable versions (for the latest 3
release series: 4.4, 5.0 and 5.1) include fixes for two issues that can
crash a running instance of Kamailio, therefore it is strongly
recommended to upgrade if you are using tmx or lcr modules.
Next week a CVE report is going to be created with more details about
one of these issues.
The issues were reported privately, one by security researchers and one
by a community member, and were fixed quickly. The code related to the
reported issues is rather old (few years by now) and there are no known
incidents of exploiting these issues so far. However, once the CVE
report comes public, there could be a higher risk of exploitation.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
More information about the sr-dev
mailing list