Debian: Security update to the htdig package

Posted at LWN.net: “Nergal reported a vulnerability in the htsearch program which is
distributed as part of the ht://Dig package, a indexing and searching
system for small domains or intranets. Using former versions it was
able to pass the parameter `-c’ to the cgi program in order to use a
different configuration file.

A malicious user could point htsearch to a file like `/dev/zero’ and
let the server run in an endless loop, trying to read config
parameters. If the user has write permission on the server he can
point the program to it and retrive any file readable by the webserver
user id.”

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR