[reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
Diego Carvalho Domingos
ddomingos at daitangroup.com
Tue Aug 21 06:43:35 CDT 2018
Hi, thanks for the info. I have one question, though. Which version should I update to?
The latest version in the downloads page (https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2 and in git’s releases page (https://github.com/resiprocate/resiprocate/releases) there are only alpha and beta releases after 1.10.2. So, is there a stable release after 1.10.2? Thanks
Diego
From: Joachim De Zutter <dezutterjoachim at gmail.com>
Sent: Monday, August 20, 2018 5:27 AM
To: repro-users at resiprocate.org; resiprocate-devel at resiprocate.org
Subject: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
A heap overflow vulnerability which might lead to a DoS or remote code execution in client and server software using the reSIProcate sip stack has been found. (CVE-2018-12584)
Full advisory: http://joachimdezutter.webredirect.org/advisory.html
The issue has been fixed since this commit:
https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
Please update your software if you haven't done so already.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20180821/896df3a6/attachment.htm>
More information about the resiprocate-devel
mailing list