From: Moritz Heidkamp
Subject: [Chicken-announce] [SECURITY] Fix select() buffer overrun on Android platform
Date: Fri, 29 Aug 2014 19:48:18 +0200

Dear CHICKEN users,

the Android platform target that was added in the 4.9 release series
built CHICKEN with the unsafe POSIX select() syscall, making it
vulnerable to a buffer overrun attack[1]. This is fixed in master
(bbf5c1d) by switching to POSIX poll() on Android, too. We are also
preparing a patch that inverts the default to poll() so as to avoid this
happening again with future platform additions.

Affected versions: 4.9.0, 4.9.0.1
Fix versions: 4.9.0.2, 4.9.1, 5.0

Kind regards,
The CHICKEN team

[1] See original vulnerability announcement for details:
http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html
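
The general difference between the two calls that the announcement relies on, as an added example that is not CHICKEN's own code: an fd_set is a fixed bitmap of FD_SETSIZE bits, so select() needs a range check on every descriptor, while poll() takes the descriptor as a plain integer. The function names wait_readable_select and wait_readable_poll are made up for this sketch.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* select()-based wait: 1 = readable, 0 = timeout, -1 = error.
 * FD_SET() on fd >= FD_SETSIZE writes outside the fd_set bitmap, so the
 * range check below is what code that stays on select() has to do. */
int wait_readable_select(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;

    if (fd < 0 || fd >= FD_SETSIZE) {   /* refuse instead of overrunning */
        errno = EINVAL;
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (n < 0) return -1;
    return n > 0 && FD_ISSET(fd, &rfds);
}

/* poll()-based wait, same return convention. The descriptor is stored as
 * an int in struct pollfd, so no bitmap can be overrun whatever its value. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };

    if (fd < 0) { errno = EBADF; return -1; }
    int n = poll(&p, 1, timeout_ms);
    if (n <= 0) return n;               /* 0 = timeout, -1 = error */
    if (p.revents & POLLNVAL) { errno = EBADF; return -1; }
    return (p.revents & (POLLIN | POLLHUP | POLLERR)) != 0;
}

int main(void)
{
    int fds[2];
    if (pipe(fds) != 0) return 1;
    if (write(fds[1], "x", 1) != 1) return 1;
    printf("poll:   %d\n", wait_readable_poll(fds[0], 0));
    printf("select: %d\n", wait_readable_select(fds[0], 0));
    printf("select, fd=FD_SETSIZE: %d\n", wait_readable_select(FD_SETSIZE, 0));
    return 0;
}
```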