Lucene search

DebianDEBIAN:DSA-4267-1:6C6CA

HistoryAug 08, 2018 - 8:12 p.m.

[SECURITY] [DSA 4267-1] kamailio security update

2018-08-0820:12:05

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.626

Percentile

97.9%

JSON

Debian Security Advisory DSA-4267-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2018 https://www.debian.org/security/faq

Package : kamailio
CVE ID : CVE-2018-14767

Henning Westerholt discovered a flaw related to the To header processing
in kamailio, a very fast, dynamic and configurable SIP server. Missing
input validation in the build_res_buf_from_sip_req function could result
in denial of service and potentially the execution of arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 4.4.4-2+deb9u2.

We recommend that you upgrade your kamailio packages.

For the detailed security status of kamailio please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/kamailio

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipskamailio-autheph-modules< 4.4.4-2+deb9u2kamailio-autheph-modules_4.4.4-2+deb9u2_mips.deb
Debian9ppc64elkamailio-ims-modules< 4.4.4-2+deb9u2kamailio-ims-modules_4.4.4-2+deb9u2_ppc64el.deb
Debian9armhfkamailio-cnxcc-modules< 4.4.4-2+deb9u2kamailio-cnxcc-modules_4.4.4-2+deb9u2_armhf.deb
Debian8armelkamailio-memcached-modules< 4.2.0-2+deb8u4kamailio-memcached-modules_4.2.0-2+deb8u4_armel.deb
Debian9ppc64elkamailio-snmpstats-modules< 4.4.4-2+deb9u2kamailio-snmpstats-modules_4.4.4-2+deb9u2_ppc64el.deb
Debian8armelkamailio-snmpstats-modules< 4.2.0-2+deb8u4kamailio-snmpstats-modules_4.2.0-2+deb8u4_armel.deb
Debian9armelkamailio-utils-modules< 4.4.4-2+deb9u2kamailio-utils-modules_4.4.4-2+deb9u2_armel.deb
Debian9arm64kamailio-berkeley-modules< 4.4.4-2+deb9u2kamailio-berkeley-modules_4.4.4-2+deb9u2_arm64.deb
Debian9mipselkamailio< 4.4.4-2+deb9u2kamailio_4.4.4-2+deb9u2_mipsel.deb
Debian9mipselkamailio-unixodbc-modules< 4.4.4-2+deb9u2kamailio-unixodbc-modules_4.4.4-2+deb9u2_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	kamailio-autheph-modules	< 4.4.4-2+deb9u2	kamailio-autheph-modules_4.4.4-2+deb9u2_mips.deb
Debian	9	ppc64el	kamailio-ims-modules	< 4.4.4-2+deb9u2	kamailio-ims-modules_4.4.4-2+deb9u2_ppc64el.deb
Debian	9	armhf	kamailio-cnxcc-modules	< 4.4.4-2+deb9u2	kamailio-cnxcc-modules_4.4.4-2+deb9u2_armhf.deb
Debian	8	armel	kamailio-memcached-modules	< 4.2.0-2+deb8u4	kamailio-memcached-modules_4.2.0-2+deb8u4_armel.deb
Debian	9	ppc64el	kamailio-snmpstats-modules	< 4.4.4-2+deb9u2	kamailio-snmpstats-modules_4.4.4-2+deb9u2_ppc64el.deb
Debian	8	armel	kamailio-snmpstats-modules	< 4.2.0-2+deb8u4	kamailio-snmpstats-modules_4.2.0-2+deb8u4_armel.deb
Debian	9	armel	kamailio-utils-modules	< 4.4.4-2+deb9u2	kamailio-utils-modules_4.4.4-2+deb9u2_armel.deb
Debian	9	arm64	kamailio-berkeley-modules	< 4.4.4-2+deb9u2	kamailio-berkeley-modules_4.4.4-2+deb9u2_arm64.deb
Debian	9	mipsel	kamailio	< 4.4.4-2+deb9u2	kamailio_4.4.4-2+deb9u2_mipsel.deb
Debian	9	mipsel	kamailio-unixodbc-modules	< 4.4.4-2+deb9u2	kamailio-unixodbc-modules_4.4.4-2+deb9u2_mipsel.deb