UbuntuUpdates.org

Package "ofono-dev"

Name: ofono-dev

Description:

Mobile telephony stack (development files)
Latest version: 1.31-3ubuntu3.24.04.2
Release: noble (24.04)
Level: security
Repository: universe
Head package: ofono
Homepage: http://www.ofono.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ofono-dev"

All arch deb package
APT INSTALL

Other versions of "ofono-dev" in Noble

Repository Area Version
base universe 1.31-3ubuntu3
updates universe 1.31-3ubuntu3.24.04.2

Changelog

Version: 1.31-3ubuntu3.24.04.2 2024-12-12 03:07:00 UTC

  ofono (1.31-3ubuntu3.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4232.patch: check status report fits
      in buffer
    - CVE-2023-4232
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4235.patch: check deliver reports fit
      in buffer
    - CVE-2023-4235

 -- Bruce Cable <email address hidden> Tue, 10 Dec 2024 15:23:47 +1100
Source diff to previous version
CVE-2023-4232 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the
CVE-2023-4235 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during th

Version: 1.31-3ubuntu3.24.04.1 2024-12-10 01:07:27 UTC

  ofono (1.31-3ubuntu3.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-2794-1.patch: Ensure the address length
      in bytes <= 10
    - debian/patches/CVE-2023-2794-2.patch: Check cbs_dcs_decode
      return value
    - debian/patches/CVE-2023-2794-3.patch: Make sure set_length on
      the parent succeeds
    - debian/patches/CVE-2023-2794-4.patch: Use a safer strlcpy
    - CVE-2023-2794
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4233.patch: Validate the length of the
      address field
    - CVE-2023-4233
  * SECURITY UPDATE: Stack overflow
    - debian/patches/CVE-2023-4234.patch: Check that submit report fits
      in memory
    - CVE-2023-4234

 -- Bruce Cable <email address hidden> Wed, 04 Dec 2024 15:26:12 +1100
CVE-2023-2794 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS d
CVE-2023-4233 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during
CVE-2023-4234 A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the


About   -   Send Feedback to @ubuntu_updates