<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<pre>This message was generated by the Security Alerts service ( Free Trial 14th of August - 14th of September )
<a class="moz-txt-link-freetext" href="http://www.opensips.org/Resources/AlertsMain">http://www.opensips.org/Resources/AlertsMain</a><b>
SVN commit</b>:
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><a href="http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9231">http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9231</a>
<b>Severity</b>: Medium
<b>Version</b> : 1.7, 1.8, trunk
<b>Affected modules</b> : Nat_traversal
<b>Effect</b> : Memory leak when doing NAT keepalives
<b>Affected scenarios</b>: When using the nat_keepalive() function for pinging
nat-ed clients, there was the possibility of memory leaks.
<b>Description</b> : This was a classical 'memory leak' scenario, where not all the
resources were freed. More specific, the SIP message structure was not completely
de-allocated and freed. <b>
Risks</b> : The memory leaks would eventually lead to filling up the entire OpenSIPS
memory and then to the loss of SIP processing ability. Thus, if using the
Nat_traversal module for NAT pinging, updating is critical.
<b>Update</b> :
- if you have an SVN checkout, 1.7, 1.8 and trunk were fixed; so
update to a revision later than 9231 (trunk), 9232 (1.8 branch) or
9233 ( 1.7 branch )
- if you have OpenSIPS from sources, download and apply the patch from
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><a href="http://opensips.svn.sourceforge.net/viewvc/opensips/trunk/modules/nat_traversal/nat_traversal.c?view=patch&r1=9231&r2=9230&pathrev=9231">http://opensips.svn.sourceforge.net/viewvc/opensips/trunk/modules/nat_traversal/nat_traversal.c?view=patch&r1=9231&r2=9230&pathrev=9231</a>
or see the attached patch;
- if using tarballs, they were already regenerated (and include the fix)
- If using the official Debian package (apt.opensips.org), they are also
re-generated including the fix
</pre>
<pre class="moz-signature" cols="72">--
Vlad Paiu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a>
</pre>
</body>
</html>