3ffad06f7c
Fixed buffer overflow.

>SECURITY ADVISORY 13th February 2001
>----------------------------------------------------------------------
>Program: analog
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
> Stephen Turner
4 lines
200 B
Plaintext
MD5 (analog-4.16.tar.gz) = e951152629b1b23ef09b17f32d9310c4
RMD160 (analog-4.16.tar.gz) = 8f4c4ee89cec516920cc12e68143c312e80e7efd
SHA1 (analog-4.16.tar.gz) = d52ca1214665a8c01843e68b04c49d0e2615b9c9
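Review bot: the summary line "Fixed buffer overflow." does not name the version, while the checksum lines above show the change is a move to analog-4.16.tar.gz. Stating the update to 4.16 in the summary would let the log be searched by version and would tie it directly to the quoted advisory, which lists 4.16 as one of the two safe releases. It would also help to note in the message that the three digests were computed from the tarball fetched from the URL given in the advisory.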