WoofyDugfock
Group: Members
Posts: 146
Joined: Sep. 2004
Posted: May 31 2005, 09:09
I was just looking at the XZGV website. The author has posted the following warning about versions 0.8 and before (dsl has 0.7):
Quote:
WARNING: There is a known vulnerability in xzgv 0.8 (and all previous versions) such that suitably-constructed images can be made to run arbitrary commands (as the user) when viewed with xzgv. This has the potential to cause serious trouble, so I strongly recommend applying this patch (with e.g. "patch -p0 <xzgv*.diff") before compiling. This is intended as a temporary measure until I can put together a more comprehensive fix (which would be complicated and isn't likely to happen soon), but should be effective in the meantime.
I don't know if this has been brought up before (didn't see it on a quick search). Should this perhaps be fixed in future versions of dsl?
Or: maybe someone might point me at a how-to for applying the author's patch to dsl.
-------------- "We don't need no stinkin' Windows"
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39149796,00.htm