3ffad06f7c
Fixed buffer overflow.

>SECURITY ADVISORY 13th February 2001
>----------------------------------------------------------------------
>Program: analog
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
> Stephen Turner
md5 |