[sr-dev] INFO: Relevant fixes in the last releases

Daniel-Constantin Mierla miconda at gmail.com
Wed Mar 14 17:30:23 CET 2018


Hello,

I want to highlight that the last stable versions (for the latest 3
release series: 4.4, 5.0 and 5.1) include fixes for two issues that can
crash a running instance of Kamailio, therefore it is strongly
recommended to upgrade if you are using tmx or lcr modules.

Next week a CVE report is going to be created with more details about
one of these issues.

The issues were reported privately, one by security researchers and one
by a community member, and were fixed quickly. The code related to the
reported issues is rather old (few years by now) and there are no known
incidents of exploiting these issues so far. However, once the CVE
report comes public, there could be a higher risk of exploitation.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com




More information about the sr-dev mailing list