This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenBTS' transceiver retro-fit". The branch, ttsou/fixes has been created at 520d21c825c4f856b4faec6ddaa1b653d113fd05 (commit) - Log ----------------------------------------------------------------- http://cgit.osmocom.org/osmo-trx/commit/?id=520d21c825c4f856b4faec6ddaa1b65… commit 520d21c825c4f856b4faec6ddaa1b653d113fd05 Author: Tom Tsou <tom.tsou(a)ettus.com> Date: Thu Apr 28 21:24:53 2016 -0700 common: Restrict UDP binding to localhost only Reported security vulnerability where control and data UDP packets can be injected into the transceiver externally due to socket binding to all interfaces using INADDR_ANY. Existing socket interface does not allow specifying local address; only the local port and remote address/port are arguments. Restrict socket bind to localhost with INADDR_LOOPBACK. If external interfaces do need to be used, the API should be modified to allow specifying the local socket address. Reported-by: Simone Margaritelli <simone(a)zimperium.com> Signed-off-by: Tom Tsou <tom.tsou(a)ettus.com> ----------------------------------------------------------------------- hooks/post-receive -- OpenBTS' transceiver retro-fit