Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 8 Feb 2015 11:53:33 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: lynx: crash when parsing overly long links

On Fri, 06 Feb 2015 18:55:08 -0700
Kurt Seifried <kseifried@...hat.com> wrote:


> Sorry forgot to include the link
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=605286

Here's the upstream reference/changelog:
http://lynx.isc.org/current/CHANGES.html#v2.8.8dev.4

quote:
"* limit parsed URIs with new config parameter MAX_URI_SIZE, default
8192 (RedHat #605286, forwarded by Vincent Danen). For arbitrarily long
URIs, alloca() could run out of stack space -TD"


So it got fixed in the 4th dev version of 2.8.8. Everyone who's using
2.8.8 (release version) or above is not affected.


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ