kamailio-5.x: add fix for CVE-2018-14767 360/head
authorSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 21:25:25 +0000 (23:25 +0200)
committerSebastian Kemper <sebastian_ml@gmx.net>
Mon, 6 Aug 2018 21:25:27 +0000 (23:25 +0200)
commit1c3677ac9656fbdcc469004835a7e0afff40454c
tree575e19d5e26c2dcd746b9f4b4428593b58e56935
parent8f6cce7af828e938f6fb2f595dfeb477c4b2a669
kamailio-5.x: add fix for CVE-2018-14767

CVE-2018-14767: "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a
crafted SIP message with a double "To" header and an empty "To" tag
causes a segmentation fault and crash. The reason is missing input
validation in the "build_res_buf_from_sip_req" core function. This could
result in denial of service and potentially the execution of arbitrary
code."

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
net/kamailio-5.x/Makefile
net/kamailio-5.x/patches/140-CVE-2018-14767.patch [new file with mode: 0644]