Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Oct 2011 12:02:29 +0200
From: Timo Warns <Warns@...-Sense.DE>
To: oss-security@...ts.openwall.com
Subject: CVE request: double-free vulnerability in logsurfer

Gregor Kopf of Recurity Labs GmbH found a double-free vulnerability in
Logsurfer affecting the function prepare_exec(). The vulnerability is caused by
an insufficient treatment of an error condition that is returned by the
function get_word() when it is unable to correctly parse its input.

The following versions of logsurfer are affected:

 Logsurfer 1.5b and previous versions
 Logsurfer+ 1.7 and previous versions

A patch is available at http://logsurfer.git.sourceforge.net/git/gitweb.cgi?p=logsurfer/logsurfer;a=commit;h=07983748da9ea3d4954b80f02fed692fe21b1134

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ