========================================================================== Ubuntu Security Notice USN-7416-1 April 07, 2025
kamailio vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Kamailio. Software Description: - kamailio: very fast, dynamic and configurable SIP server Details: Stelios Tsampas discovered that Kamailio did not correctly handle certain memory operations, which could lead to a buffer overflow. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2385) Henning Westerholt discovered that Kamailio did not correctly handle duplicated headers, which could lead to a segmentation fault. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-14767) It was discovered that Kamailio did not correctly handle parsing certain headers containing whitespace characters. An authenticated attacker could possibly use this issue to gain access to unauthorized resources and expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-28361) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS kamailio 5.3.2-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS kamailio 5.1.2-1ubuntu2+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS kamailio 4.3.4-1.1ubuntu2.1+esm2 Available with Ubuntu Pro After a standard system update you need to restart Kamailio to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7416-1 CVE-2016-2385, CVE-2018-14767, CVE-2020-28361
OpenPGP_signature.asc
Description: OpenPGP digital signature
