[esd-l] NOTICE: ZIP archived filename length checks in Sanitizer
John D. Hardin
jhardin at impsec.org
Sat Sep 9 21:19:09 PDT 2006
All:
A BO vulnerability has been announced in the DUNZIP32.dll zipfile
library used by many commercial programs, including Lotus Notes and
Real Audio player.
In an attempt to mitigate this vulnerability, archived filename length
checks have been added to the development version of the Procmail
Email Sanitizer, and a patch to add these checks to recent stable
releases is also available.
The patch is available at:
http://www.impsec.org/email-tools/sanitizer_zip_filename_length.patch
The development version of the sanitizer is available at:
http://www.impsec.org/email-tools/development/
The sanitizer home page is:
http://www.impsec.org/email-tools/procmail-security.html
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is not the business of government to make men virtuous or
religious, or to preserve the fool from the consequences of his own
folly. -- Henry George
-----------------------------------------------------------------------
8 days until The 219th anniversary of the signing of the U.S. Constitution
More information about the esd-l
mailing list