16 Mar
2018
16 Mar
'18
6 p.m.
On Wed, Mar 14, 2018 at 05:30:23PM +0100, Daniel-Constantin Mierla wrote:
I want to highlight that the last stable versions (for the latest 3 release series: 4.4, 5.0 and 5.1) include fixes for two issues that can crash a running instance of Kamailio, therefore it is strongly recommended to upgrade if you are using tmx or lcr modules.
Next week a CVE report is going to be created with more details about one of these issues.
It is not totaly clear for me if the issue that will be revealed is already fixed in 4.4.7, 5.0.6, and 5.1.2 or whether we will need to update to a new release next week. I guess/hope it is the former.
Kudos to the people/organisations finding these flaws and disclosing responsibly.