annotate src/capnproto-git-20161025/doc/_posts/2015-03-05-another-cpu-amplification.md @ 149:279b18cc7785
Update Win32 capnp builds to v0.6
| author |
Chris Cannam <cannam@all-day-breakfast.com> |
| date |
Tue, 23 May 2017 09:16:54 +0100 |
| parents |
1ac99bfc383d |
| children |
|
| rev |
line source |
|
cannam@133
|
1 ---
|
|
cannam@133
|
2 layout: post
|
|
cannam@133
|
3 title: "Another security advisory -- Additional CPU amplification case"
|
|
cannam@133
|
4 author: kentonv
|
|
cannam@133
|
5 ---
|
|
cannam@133
|
6
|
|
cannam@133
|
7 Unfortunately, it turns out that our fix for one of [the security advisories issued on Monday](2015-03-02-security-advisory-and-integer-overflow-protection.html) was not complete.
|
|
cannam@133
|
8
|
|
cannam@133
|
9 Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time.
|
|
cannam@133
|
10
|
|
cannam@133
|
11 Nevertheless, we've issued [a new advisory](https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2015-03-05-0-c++-addl-cpu-amplification.md) and pushed a new release:
|
|
cannam@133
|
12
|
|
cannam@133
|
13 - Release 0.5.1.2: [source](https://capnproto.org/capnproto-c++-0.5.1.2.tar.gz), [win32](https://capnproto.org/capnproto-c++-win32-0.5.1.2.zip)
|
|
cannam@133
|
14 - Release 0.4.1.2: [source](https://capnproto.org/capnproto-c++-0.4.1.2.tar.gz)
|
|
cannam@133
|
15
|
|
cannam@133
|
16 Sorry for the rapid repeated releases, but we don't like sitting on security bugs.
|
