Openwsman 2.4.4 is released !

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Openwsman 2.4.4 is released !

Klaus Kaempf
Openwsman 2.4.4 is released, get it from

This release is mostly focused on fixing security issues reported by
the Ubuntu security team.

Kudos to them for a thorough code review !

Not all reported issues are fixed, only the most obvious/critical ones.

Security related fixes

- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
- LocalSubscriptionOpUpdate() unchecked fopen()
- Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
- Unchecked memory allocation in wsman_init_plugins(), p->ifc
- Unchecked memory allocation in mem_double(), newptr
- Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
- Unchecked memory allocation in u_error_new(), *error
- sighup_handler() in wsmand.c uses unsafe functions in a signal handler


- add rcopenwsman command to systemd environments
- add rcopenwsmand command for backwards compatibility


- support rdoc 2.1 in Ruby bindings


SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Maxfeldstraße 5, 90409 Nürnberg, Germany

Flow-based real-time traffic analytics software. Cisco certified tool.
Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
Customize your own dashboards, set traffic alerts and generate reports.
Network behavioral analysis & security monitoring. All-in-one tool.
Openwsman-devel mailing list
[hidden email]