Lucene search

DebianDEBIAN:DSA-4148-1:553AD

HistoryMar 22, 2018 - 10:08 p.m.

[SECURITY] [DSA 4148-1] kamailio security update

2018-03-2222:08:29

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.14 Low

EPSS

Percentile

95.7%

JSON

Debian Security Advisory DSA-4148-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 22, 2018 https://www.debian.org/security/faq

Package : kamailio
CVE ID : CVE-2018-8828

Alfred Farrugia and Sandro Gauci discovered an off-by-one heap overflow
in the Kamailio SIP server which could result in denial of service and
potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 4.2.0-2+deb8u3.

For the stable distribution (stretch), this problem has been fixed in
version 4.4.4-2+deb9u1.

We recommend that you upgrade your kamailio packages.

For the detailed security status of kamailio please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kamailio

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9arm64kamailio-tls-modules< 4.4.4-2+deb9u1kamailio-tls-modules_4.4.4-2+deb9u1_arm64.deb
Debian8amd64kamailio-mono-modules< 4.2.0-2+deb8u3kamailio-mono-modules_4.2.0-2+deb8u3_amd64.deb
Debian9armelkamailio-postgres-modules< 4.4.4-2+deb9u1kamailio-postgres-modules_4.4.4-2+deb9u1_armel.deb
Debian9mipselkamailio-json-modules< 4.4.4-2+deb9u1kamailio-json-modules_4.4.4-2+deb9u1_mipsel.deb
Debian9mipskamailio-java-modules< 4.4.4-2+deb9u1kamailio-java-modules_4.4.4-2+deb9u1_mips.deb
Debian9mipselkamailio-mono-modules< 4.4.4-2+deb9u1kamailio-mono-modules_4.4.4-2+deb9u1_mipsel.deb
Debian9armelkamailio-redis-modules< 4.4.4-2+deb9u1kamailio-redis-modules_4.4.4-2+deb9u1_armel.deb
Debian9i386kamailio-carrierroute-modules< 4.4.4-2+deb9u1kamailio-carrierroute-modules_4.4.4-2+deb9u1_i386.deb
Debian9mips64elkamailio-geoip-modules< 4.4.4-2+deb9u1kamailio-geoip-modules_4.4.4-2+deb9u1_mips64el.deb
Debian9ppc64elkamailio-dbg< 4.4.4-2+deb9u1kamailio-dbg_4.4.4-2+deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	arm64	kamailio-tls-modules	< 4.4.4-2+deb9u1	kamailio-tls-modules_4.4.4-2+deb9u1_arm64.deb
Debian	8	amd64	kamailio-mono-modules	< 4.2.0-2+deb8u3	kamailio-mono-modules_4.2.0-2+deb8u3_amd64.deb
Debian	9	armel	kamailio-postgres-modules	< 4.4.4-2+deb9u1	kamailio-postgres-modules_4.4.4-2+deb9u1_armel.deb
Debian	9	mipsel	kamailio-json-modules	< 4.4.4-2+deb9u1	kamailio-json-modules_4.4.4-2+deb9u1_mipsel.deb
Debian	9	mips	kamailio-java-modules	< 4.4.4-2+deb9u1	kamailio-java-modules_4.4.4-2+deb9u1_mips.deb
Debian	9	mipsel	kamailio-mono-modules	< 4.4.4-2+deb9u1	kamailio-mono-modules_4.4.4-2+deb9u1_mipsel.deb
Debian	9	armel	kamailio-redis-modules	< 4.4.4-2+deb9u1	kamailio-redis-modules_4.4.4-2+deb9u1_armel.deb
Debian	9	i386	kamailio-carrierroute-modules	< 4.4.4-2+deb9u1	kamailio-carrierroute-modules_4.4.4-2+deb9u1_i386.deb
Debian	9	mips64el	kamailio-geoip-modules	< 4.4.4-2+deb9u1	kamailio-geoip-modules_4.4.4-2+deb9u1_mips64el.deb
Debian	9	ppc64el	kamailio-dbg	< 4.4.4-2+deb9u1	kamailio-dbg_4.4.4-2+deb9u1_ppc64el.deb