Debian DLA-1503-1 : kamailio security update
High Nessus Plugin ID 117464
SynopsisThe remote Debian host is missing a security update.
DescriptionIt was discovered that there was a denial of service and a potential arbitrary code execution vulnerability in the kamailio SIP server.
A specially crafted SIP message with an invalid 'Via' header could cause a segmentation fault and crash Kamailio due to missing input validation.
For Debian 8 'Jessie', this issue has been fixed in kamailio version 4.2.0-2+deb8u5.
We recommend that you upgrade your kamailio packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.