[reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in resiprocate through 1.10.2
Scott Godin
sgodin at sipspectrum.com
Tue Sep 11 09:29:23 CDT 2018
Done! :)
On Mon, Sep 10, 2018 at 10:27 AM <slgodin at gmail.com> wrote:
> Good catch, I agree. I'll fix it.
>
> Thanks!
>
> Sent from my iPhone
>
> On Sep 10, 2018, at 9:50 AM, Diego Carvalho Domingos <
> ddomingos at daitangroup.com> wrote:
>
> Hi, only now I noticed that an assert was introduced in the fix commit (
> https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
> )
> Shouldn’t it be resip_assert? Thanks.
>
> Diego
>
>
>
> *From:* Diego Carvalho Domingos
> *Sent:* Tuesday, August 21, 2018 1:18 PM
> *To:* 'Scott Godin' <sgodin at sipspectrum.com>
> *Cc:* Joachim De Zutter <dezutterjoachim at gmail.com>; repro-users <
> repro-users at resiprocate.org>; resiprocate-devel at resiprocate.org; Daniel
> Pocock <daniel at pocock.pro>
> *Subject:* RE: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability
> in resiprocate through 1.10.2
>
>
>
> Ok, Thanks Scott.
>
>
>
> *From:* Scott Godin <sgodin at sipspectrum.com>
> *Sent:* Tuesday, August 21, 2018 1:09 PM
> *To:* Diego Carvalho Domingos <ddomingos at daitangroup.com>
> *Cc:* Joachim De Zutter <dezutterjoachim at gmail.com>; repro-users <
> repro-users at resiprocate.org>; resiprocate-devel at resiprocate.org; Daniel
> Pocock <daniel at pocock.pro>
> *Subject:* Re: [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability
> in resiprocate through 1.10.2
>
>
>
> Hi Diego,
>
>
>
> A new release has not yet been created. You will need to manually pull
> from Git to get this change. I'm hoping Daniel Pocock will be able to
> drive a new release soon.
>
>
>
> Thanks,
>
> Scott
>
>
>
>
>
> On Tue, Aug 21, 2018 at 7:46 AM Diego Carvalho Domingos <
> ddomingos at daitangroup.com> wrote:
>
> Hi, thanks for the info. I have one question, though. Which version should
> I update to?
> The latest version in the downloads page (
> https://www.resiprocate.org/files/pub/reSIProcate/releases/) is 1.10.2
> and in git’s releases page (
> https://github.com/resiprocate/resiprocate/releases) there are only alpha
> and beta releases after 1.10.2. So, is there a stable release after 1.10.2?
> Thanks
>
> Diego
>
> *From:* Joachim De Zutter <dezutterjoachim at gmail.com>
> *Sent:* Monday, August 20, 2018 5:27 AM
> *To:* repro-users at resiprocate.org; resiprocate-devel at resiprocate.org
> *Subject:* [reSIProcate] [CVE-2018-12584] Heap overflow vulnerability in
> resiprocate through 1.10.2
>
>
>
> A heap overflow vulnerability which might lead to a DoS or remote code
> execution in client and server software using the reSIProcate SIP stack has
> been found. (CVE-2018-12584)
>
> Full advisory: http://joachimdezutter.webredirect.org/advisory.html
>
> The issue has been fixed since this commit:
>
>
> https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
>
> Please update your software if you haven't done so already.
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>