github mikebrady/shairport-sync 3.1.4
Version 3.1.4 – Stable Version, Important Security Update

latest releases: 3.3.9, 4.1-dev, 4.0-dev...
4 years ago

Security Update

  • The version of tinysvcmdns bundled in Shairport Sync has a buffer overflow bug: "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." The vulnerability is addressed by additional checking on packet sizes. See also CVE-2017-12087 and Vulnerability in tinysvcmdns.
    Thanks and Chris Boot for fixing this bug.

Bug Fix

  • Somewhere in version 3.x, the softvol plugin got broken as the volume change is not applied anymore. Turned out that, for the softvol plugin, no volume() and parameters() are defined. Thanks to Jörg Krause for locating and fixing this bug.

Don't miss a new shairport-sync release

NewReleases is sending notifications on new releases.