[reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
Scott Godin
sgodin at sipspectrum.com
Tue Aug 21 11:08:40 CDT 2018
Hi Diego,
A new release has not yet been created. You will need to manually pull
from Git to get this change. I'm hoping Daniel Pocock will be able to
drive a new release soon.
Thanks,
Scott
On Tue, Aug 21, 2018 at 7:46 AM Diego Carvalho Domingos <
ddomingos at daitangroup.com> wrote:
> Hi, thanks for the info. I have one question, though. Which version should
> I update to?
> The latest version in the downloads page (
> https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2
> and in git’s releases page (
> https://github.com/resiprocate/resiprocate/releases) there are only alpha
> and beta releases after 1.10.2. So, is there a stable release after 1.10.2?
> Thanks
>
> Diego
>
> *From:* Joachim De Zutter <dezutterjoachim at gmail.com>
> *Sent:* Monday, August 20, 2018 5:27 AM
> *To:* repro-users at resiprocate.org; resiprocate-devel at resiprocate.org
> *Subject:* [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in
> resiprocate through 1.10.2
>
>
>
> A heap overflow vulnerability which might lead to a DoS or remote code
> execution in client and server software using the reSIProcate sip stack has
> been found. (CVE-2018-12584)
>
> Full advisory: http://joachimdezutter.webredirect.org/advisory.html
>
> The issue has been fixed since this commit:
>
>
> https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
>
> Please update your software if you haven't done so already.
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20180821/7f1568bd/attachment.htm>
More information about the resiprocate-devel
mailing list