[reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
slgodin at gmail.com
Mon Sep 10 09:27:17 CDT 2018
Good catch, I agree. I'll fix it.
Thanks!
> On Sep 10, 2018, at 9:50 AM, Diego Carvalho Domingos <ddomingos at daitangroup.com> wrote:
>
> Hi, only now I noticed that an assert was introduced in the fix commit (https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608)
> Shouldn’t it be resip_assert? Thanks.
>
> Diego
>
> From: Diego Carvalho Domingos
> Sent: Tuesday, August 21, 2018 1:18 PM
> To: 'Scott Godin' <sgodin at sipspectrum.com>
> Cc: Joachim De Zutter <dezutterjoachim at gmail.com>; repro-users <repro-users at resiprocate.org>; resiprocate-devel at resiprocate.org; Daniel Pocock <daniel at pocock.pro>
> Subject: RE: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
>
> Ok, Thanks Scott.
>
> From: Scott Godin <sgodin at sipspectrum.com>
> Sent: Tuesday, August 21, 2018 1:09 PM
> To: Diego Carvalho Domingos <ddomingos at daitangroup.com>
> Cc: Joachim De Zutter <dezutterjoachim at gmail.com>; repro-users <repro-users at resiprocate.org>; resiprocate-devel at resiprocate.org; Daniel Pocock <daniel at pocock.pro>
> Subject: Re: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
>
> Hi Diego,
>
> A new release has not yet been created. You will need to manually pull from Git to get this change. I'm hoping Daniel Pocock will be able to drive a new release soon.
>
> Thanks,
> Scott
>
>
> On Tue, Aug 21, 2018 at 7:46 AM Diego Carvalho Domingos <ddomingos at daitangroup.com> wrote:
> Hi, thanks for the info. I have one question, though. Which version should I update to?
> The latest version in the downloads page (https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2 and in git’s releases page (https://github.com/resiprocate/resiprocate/releases) there are only alpha and beta releases after 1.10.2. So, is there a stable release after 1.10.2? Thanks
>
> Diego
>
> From: Joachim De Zutter <dezutterjoachim at gmail.com>
> Sent: Monday, August 20, 2018 5:27 AM
> To: repro-users at resiprocate.org; resiprocate-devel at resiprocate.org
> Subject: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
>
> A heap overflow vulnerability which might lead to a DoS or remote code execution in client and server software using the reSIProcate SIP stack has been found. (CVE-2018-12584)
>
> Full advisory: http://joachimdezutter.webredirect.org/advisory.html
>
> The issue has been fixed since this commit:
>
> https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
>
> Please update your software if you haven't done so already.
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel