[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-users] [SECURITY] Fix select() buffer overrun on Android platfo

From: Moritz Heidkamp
Subject: [Chicken-users] [SECURITY] Fix select() buffer overrun on Android platform
Date: Fri, 29 Aug 2014 19:48:18 +0200

Dear CHICKEN users,

the Android platform target that was added in the 4.9 release series
built CHICKEN with the unsafe POSIX select() syscall, making it
vulnerable to a buffer overrun attack[1]. This is fixed in master
(bbf5c1d) by switching to POSIX poll() on Android, too. We are also
preparing a patch that inverts the default to poll() so as to avoid this
happening again with future platforms additions.

Affected versions: 4.9.0,
Fix versions:, 4.9.1, 5.0

Kind regards,
The CHICKEN team

[1] See original vulnerability announcement for details:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]