From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=DATE_IN_PAST_12_24 autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 23528 invoked from network); 1 Nov 2021 09:12:38 -0000 Received: from 4ess.inri.net (216.126.196.42) by inbox.vuxu.org with ESMTPUTF8; 1 Nov 2021 09:12:38 -0000 Received: from duke.felloff.net ([216.126.196.34]) by 4ess; Sun Oct 31 12:25:20 -0400 2021 Message-ID: Date: Sun, 31 Oct 2021 17:25:10 +0100 From: cinap_lenrek@felloff.net To: 9front@9front.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: strategy hosting-oriented XMPP over WEB2.0 template shader Subject: [9front] critical bug in libc's idn2utf() Reply-To: 9front@9front.org Precedence: bulk I just pushed a fix for a stack buffer-overflow bug in libc's idn2utf() function to convert a punycode domain name into utf-8. The bug existed in all releases starting from: Date: Tue Sep 25 20:14:25 +0200 2018 The following programs are affected: ip/ipconfig ndb/dns webfs It is highly recommended to sysupdate and rebuild the whole system *NOW*, including the kernel as ip/ipconfig is included in the kernels bootfs image. you can see if you are affected by running the following: term% hget http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA webfs 8183: suicide: sys: trap: fault write addr=0x0 pc=0x20ddec -- cinap