chicken-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-users] [SECURITY] Fix select() buffer overrun on Android platfo


From: Moritz Heidkamp
Subject: [Chicken-users] [SECURITY] Fix select() buffer overrun on Android platform
Date: Fri, 29 Aug 2014 19:48:18 +0200

Dear CHICKEN users,

the Android platform target that was added in the 4.9 release series
built CHICKEN with the unsafe POSIX select() syscall, making it
vulnerable to a buffer overrun attack[1]. This is fixed in master
(bbf5c1d) by switching to POSIX poll() on Android, too. We are also
preparing a patch that inverts the default to poll() so as to avoid this
happening again with future platforms additions.

Affected versions: 4.9.0, 4.9.0.1
Fix versions: 4.9.0.2, 4.9.1, 5.0

Kind regards,
The CHICKEN team

[1] See original vulnerability announcement for details:
    http://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html



reply via email to

[Prev in Thread] Current Thread [Next in Thread]