Skip to content

Version 3.2d13 – Development Version, Important Security Update

Pre-release
Pre-release
Compare
Choose a tag to compare
@mikebrady mikebrady released this 23 Nov 15:51
· 3687 commits to development since this release
3.2d13
30dd9ca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Security Update

  • The version of tinysvcmdns bundled in Shairport Sync has a buffer overflow bug: "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." The vulnerability is addressed by additional checking on packet sizes. See also CVE-2017-12087 and Vulnerability in tinysvcmdns.
    Thanks and Chris Boot for fixing this bug.

Continuing experiments with D-Bus and MPRIS support. As before, please note that the implementation is likely to change greatly or be removed at any time.

Assets 2
Loading