UbuntuUpdates.org

Package "ofono-scripts"

Name: ofono-scripts

Description:

Mobile telephony stack (test and maintenance script files)
Latest version: 1.31-3ubuntu1.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: ofono
Homepage: http://www.ofono.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ofono-scripts"

All arch deb package
APT INSTALL

Other versions of "ofono-scripts" in Jammy

Repository Area Version
base universe 1.31-3ubuntu1
security universe 1.31-3ubuntu1.2

Changelog

Version: 1.31-3ubuntu1.2 2024-12-12 05:06:50 UTC

  ofono (1.31-3ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4232.patch: check status report fits
      in buffer
    - CVE-2023-4232
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4235.patch: check deliver reports fit
      in buffer
    - CVE-2023-4235

 -- Bruce Cable <email address hidden> Tue, 10 Dec 2024 15:23:48 +1100
Source diff to previous version
CVE-2023-4232 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the
CVE-2023-4235 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during th

Version: 1.31-3ubuntu1.1 2024-12-10 02:06:54 UTC

  ofono (1.31-3ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-2794-1.patch: Ensure the address length
      in bytes <= 10
    - debian/patches/CVE-2023-2794-2.patch: Check cbs_dcs_decode
      return value
    - debian/patches/CVE-2023-2794-3.patch: Make sure set_length on
      the parent succeeds
    - debian/patches/CVE-2023-2794-4.patch: Use a safer strlcpy
    - CVE-2023-2794
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4233.patch: Validate the length of the
      address field
    - CVE-2023-4233
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4234.patch: Check that submit report fits
      in memory
    - CVE-2023-4234

 -- Bruce Cable <email address hidden> Wed, 04 Dec 2024 15:26:16 +1100
CVE-2023-2794 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS d
CVE-2023-4233 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during
CVE-2023-4234 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the


About   -   Send Feedback to @ubuntu_updates