Another security advisory -- Additional CPU amplification case

209 views
Skip to first unread message

Kenton Varda

unread,
Mar 5, 2015, 2:52:08 PM3/5/15
to capnproto...@googlegroups.com
Hi capnproto-announce,

Unfortunately, it turns out that our fix for one of the security advisories issued on Monday missed a case.

Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time.

Nevertheless, we’ve issued a new advisory:


And pushed a new release:

Release 0.5.1.2:
Release 0.4.1.2:

Sorry for the rapid repeated releases, but we don’t like sitting on security bugs.

-Kenton

Reply all
Reply to author
Forward
0 new messages