Did you know ... Search Documentation:
News

Version 7.6.1 released

0 upvotes 0 0 downvotes
Picture of user Jan Wielemaker.

Version 7.6.1 has been released. Highlights:

  • Several race conditions in atom, functor and predicate `supervisor' installation have been fixed. Thanks to Keri, being a perfect detective! This work includes the installation of memory barriers, needed to avoid reordering memory access on e.g., ARM and powerpc.
  • Race condition in windows sockets. Keri.
  • Port: ARM: unsigned char issue in RDF Turtle parser. Added recognising ARM and powerpc in configure.ac to build by default as a shared object configuration.
  • Avoid unnecessary creation of modules for several built-ins.

Security Vulnerability in Pengines

0 upvotes 0 0 downvotes
Picture of user Anne Ogborn.

This weekend Vladislav Zorov reported a vulnerability in pengine sandboxing.

This vulnerability allows any user who can create a pengine to execute unconstrained prolog code, including process_create.

The vulnerability can be triggered simply by loading pengines.

This vulnerability was patched with commit

https://github.com/SWI-Prolog/swipl-devel/commit/a22442fc82fd468f02abb7a19958bb3007dc585b

We recommend all pengines users upgrade to this release or later.

Big thanks to Vladislav.