This bug was fixed in the package openwsman - 2.4.3-0ubuntu4.1
--------------- openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low
* SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089) - debian/patches/ws-xml-make-default-prefix-buff-overflow-fix.patch: ws_xml_make_default_prefix() can overflow buf parameter via sprintf() - debian/patches/wsmc-create-request-fix-buff-overflow.patch: wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW - debian/patches/LocalSubscriptionOpUpdate-fix-fopen.patch: address LocalSubscriptionOpUpdate() unchecked fopen() - debian/patches/wsman-get-fault-status-sanity-guard-fix.patch: Fix incorrect order of sanity guards in wsman_get_fault_status_from_doc() - debian/patches/mem-allocation-wsman-init-plugins-fix.patch: Fix unchecked memory allocation in wsman_init_plugins(), p->ifc - debian/patches/mem-allocation-mem-double-newptr-fix.patch: Fix unchecked memory allocation in mem_double(), newptr - debian/patches/mem-allocation-dictionary-new-fix.patch: Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash - debian/patches/mem-allocation-u-error-new-fix.patch: Fix unchecked memory allocation in u_error_new(), *error - debian/patches/remove-unsafe-debug-call-from-sighup-handler.patch: sighup_handler() in wsmand.c use of unsafe functions in a signal handler - debian/patches/SHA512-password-fixes.patch: Support SHA512 password encoding, use safe_cmp to prevent brute-force attacks - debian/patches/increase-password-upper-limit.patch: increase password upper limit to 128 characters (from 64) -- Kent Baxley <email address hidden> Fri, 06 Jun 2014 12:55:02 -0500
This bug was fixed in the package openwsman - 2.4.3-0ubuntu4.1
---------------
openwsman (2.4.3-0ubuntu4.1) trusty-security; urgency=low
* SECURITY UPDATE: Add security fixes from upstream openwsman (LP: #1319089) patches/ ws-xml- make-default- prefix- buff-overflow- fix.patch: xml_make_ default_ prefix( ) can overflow buf parameter via sprintf() patches/ wsmc-create- request- fix-buff- overflow. patch: create_ request( ) potential buf[20] overflow via WSMAN_ACTION_RENEW patches/ LocalSubscripti onOpUpdate- fix-fopen. patch: onOpUpdate( ) unchecked fopen() patches/ wsman-get- fault-status- sanity- guard-fix. patch: fault_status_ from_doc( ) patches/ mem-allocation- wsman-init- plugins- fix.patch: plugins( ), p->ifc patches/ mem-allocation- mem-double- newptr- fix.patch: patches/ mem-allocation- dictionary- new-fix. patch: patches/ mem-allocation- u-error- new-fix. patch: patches/ remove- unsafe- debug-call- from-sighup- handler. patch: handler( ) in wsmand.c use of unsafe functions in a signal handler patches/ SHA512- password- fixes.patch: patches/ increase- password- upper-limit. patch:
- debian/
ws_
- debian/
wsmc_
- debian/
address LocalSubscripti
- debian/
Fix incorrect order of sanity guards in wsman_get_
- debian/
Fix unchecked memory allocation in wsman_init_
- debian/
Fix unchecked memory allocation in mem_double(), newptr
- debian/
Fix unchecked memory allocation in dictionary_new(), d, d->val, d->key,
d->hash
- debian/
Fix unchecked memory allocation in u_error_new(), *error
- debian/
sighup_
- debian/
Support SHA512 password encoding, use safe_cmp to prevent brute-force
attacks
- debian/
increase password upper limit to 128 characters (from 64)
-- Kent Baxley <email address hidden> Fri, 06 Jun 2014 12:55:02 -0500