Security issue with ZXGV


Forum: Apps
Topic: Security issue with ZXGV
started by: WoofyDugfock

Posted by WoofyDugfock on May 31 2005,09:09
I was just looking at the < XZGV website >. The author has posted the following warning about versions 0.8 and before (dsl has 0.7):

Quote
WARNING: There is a known vulnerability in xzgv 0.8 (and all previous versions) such that suitably-constructed images can be made to run arbitrary commands (as the user) when viewed with xzgv. This has the potential to cause serious trouble, so I strongly recommend applying this patch (with e.g. "patch -p0 <xzgv*.diff") before compiling. This is intended as a temporary measure until I can put together a more comprehensive fix (which would be complicated and isn't likely to happen soon), but should be effective in the meantime.


I don't know if this has been brought up before (didn't see it on a quick search).  Should this perhaps be fixed in future versions of dsl?

Or: maybe someone might point me at a how-to for applying the author's patch to dsl.

Posted by WoofyDugfock on June 15 2005,11:57
I'm pleased to see a patch has now been applied in dsl 1.2.1 - though my post wasn't replied to?

Not that it's a big deal, it's just that it is nice to know whether or not one has contributed by flagging something ....

Posted by WoofyDugfock on June 18 2005,14:00
Hush my big fat mouth - it WAS acknowledged ...

< here >

Just as well I didn't get all pouty!  :p
