|
The Perl community has released a fix to the sprintf function that was recently discovered to have a buffer overflow in very specific cases. All Perl users should consider updating immediately. Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on ... read more |
|
The Perl community has updated the core module Sys::Syslog to help alleviate a security hole in the Webmin web administration package. All Webmin users should update immediately to the updated version of Sys::Syslog. Dyad Security released a security advisory explaining how arbitrary, untrusted data can get passed by Webmin into Perl's Sys::Syslog module as a sprintf format string. This allows an attack to create arbitrarily large strings, overwhelming server resources ... read more |