New Packages for Noetic 2021-09-27

We’re happy to announce 6 new packages and 58 updates are now available in ROS Noetic. This sync was tagged as noetic/2021-09-27.

Besides the normal package updates, this update also includes a fix for CVE-2021-37146 in ros_comm. In versions of ros_comm up to and including version 1.15.11, a malformed XMLRPC request would cause roscore to spend an excessive amount of time processing the request, leading to a potential denial-of-service with repeated requests. A fix to make the XMLRPC server in roscore reject malformed requests was merged in PR https://github.com/ros/ros_comm/pull/2185, and released in ros_comm version 1.15.13 (part of this sync). We rate the impact of this vulnerability as low; an attacker with access to roscore could do various other things to cause a denial-of-service attack or worse. To our knowledge this vulnerability was never seen in the wild. This issue was initially reported by Junfeng Yang from Didi Research America, LLC.

Thank you to every maintainer and contributor who made these updates available!

Package Updates for ROS Noetic

Added Packages [6]:

Updated Packages [58]:

Removed Packages [0]:

Thanks to all ROS maintainers who make packages available to the ROS community. The above list of packages was made possible by the work of the following maintainers:

  • Alessandro Tondo
  • Alexander Gutenkunst
  • Austin Hendrix
  • Davide Faconti
  • Felix Exner
  • Franka Emika GmbH
  • Isaac I.Y. Saito
  • Jacob Perron
  • Justin Carpentier
  • Martin GΓΌnther
  • Max Krogius
  • Paul Bovbel
  • Rob Fisher
  • Robert Haschke
  • Shadow Robot’s Software Team
  • Stefan Laible
  • Steve Macenski
  • Vladimir Ermakov
  • clobot-git
1 Like

Thank you for the update.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.