Quantcast

Openwsman 2.4.4 is released !

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Openwsman 2.4.4 is released !

Klaus Kaempf
Openwsman 2.4.4 is released, get it from
https://github.com/Openwsman/openwsman/releases/tag/v2.4.4


This release is mostly focused on fixing security issues reported by
the Ubuntu security team.

Kudos to them for a thorough code review !

Not all reported issues are fixed, only the most obvious/critical ones.

Security related fixes

- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
- LocalSubscriptionOpUpdate() unchecked fopen()
- Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
- Unchecked memory allocation in wsman_init_plugins(), p->ifc
- Unchecked memory allocation in mem_double(), newptr
- Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
- Unchecked memory allocation in u_error_new(), *error
- sighup_handler() in wsmand.c uses unsafe functions in a signal handler

Features

- add rcopenwsman command to systemd environments
- add rcopenwsmand command for backwards compatibility

Bindings

- support rdoc 2.1 in Ruby bindings
- cmake: use PYTHON_INCLUDE_DIRS


Enjoy,

Klaus
--
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5, 90409 Nürnberg, Germany

------------------------------------------------------------------------------
Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Loading...