bwh: (Default)
[personal profile] bwh

There is a potential buffer overflow in logging of CAPI messages in libcapi20 (part of isdnutils; bug 408530). The same broken code from libcapi20 is present in the Linux kernel (bug 411294). Also, the affected functions are not thread-safe and are unlikely to be made so without API changes; multithreaded programs calling them must use a mutex to avoid another security flaw; (such as asterisk-chan-capi; bug 411293).

I have prepared updates of asterisk-chan-capi and isdnutils for sarge and sid but I have no ISDN hardware to test them with. I would appreciate it if users of these packages would test the updates and report their results to the associated bugs.

The patches can be found attached to the bug reports. Updated packages are at:

deb http://womble.decadent.org.uk/debian/ distribution/
deb-src http://womble.decadent.org.uk/debian/ distribution/

(the repository is signed with my personal GPG key).

From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

February 2011

S M T W T F S
  12345
6789101112
13141516171819
20212223 242526
2728     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 18th, 2017 04:27 pm
Powered by Dreamwidth Studios