Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 8 Feb 2015 11:53:33 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: lynx: crash when parsing overly long links

On Fri, 06 Feb 2015 18:55:08 -0700
Kurt Seifried <kseifried@...hat.com> wrote:


> Sorry forgot to include the link
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=605286

Here's the upstream reference/changelog:
http://lynx.isc.org/current/CHANGES.html#v2.8.8dev.4

quote:
"* limit parsed URIs with new config parameter MAX_URI_SIZE, default
8192 (RedHat #605286, forwarded by Vincent Danen). For arbitrarily long
URIs, alloca() could run out of stack space -TD"


So it got fixed in the 4th dev version of 2.8.8. Everyone who's using
2.8.8 (release version) or above is not affected.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.