[Bug 1319089] Re: Add security fixes from upstream

Mon, 16 Jun 2014 07:42:12 -0700 

This bug was fixed in the package openwsman - 2.4.3-0ubuntu4.1

---------------
openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low

  * SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089)
    - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch:
      ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
    - debian/patches/wsmc-create-request-fix-buff-overflow.patch:
      wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
    - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch:
      address LocalSubscriptionOpUpdate() unchecked fopen()
    - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch:
      Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc()
    - debian/patches/mem-allocation-wsman-init-plugins-fix.patch:
      Fix unchecked memory allocation in wsman_init_plugins(), p->ifc
    - debian/patches/mem-allocation-mem-double-newptr-fix.patch:
      Fix unchecked memory allocation in mem_double(), newptr
    - debian/patches/mem-allocation-dictionary-new-fix.patch:
      Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key,
      d->hash
    - debian/patches/mem-allocation-u-error-new-fix.patch:
      Fix unchecked memory allocation in u_error_new(), *error
    - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch:
      sighup_handler() in wsmand.c use of unsafe functions in a signal handler
    - debian/patches/SHA512-password-fixes.patch:
      Support SHA512 password encoding, use safe_cmp to prevent brute-force
      attacks
    - debian/patches/increase-password-upper-limit.patch:
      increase password upper limit to 128 characters (from 64)
 -- Kent Baxley <[email protected]>   Fri, 06 Jun 2014 12:55:02 -0500

** Changed in: openwsman (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1319089

Title:
  Add security fixes from upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openwsman/+bug/1319089/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to