Date: Sun, 8 Feb 2015 11:53:33 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: lynx: crash when parsing overly long links On Fri, 06 Feb 2015 18:55:08 -0700 Kurt Seifried <kseifried@...hat.com> wrote: > Sorry forgot to include the link > > https://bugzilla.redhat.com/show_bug.cgi?id=605286 Here's the upstream reference/changelog: http://lynx.isc.org/current/CHANGES.html#v2.8.8dev.4 quote: "* limit parsed URIs with new config parameter MAX_URI_SIZE, default 8192 (RedHat #605286, forwarded by Vincent Danen). For arbitrarily long URIs, alloca() could run out of stack space -TD" So it got fixed in the 4th dev version of 2.8.8. Everyone who's using 2.8.8 (release version) or above is not affected. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ