From luke at foolishgames.com  Wed Sep 23 11:05:53 2020
From: luke at foolishgames.com (Lucas Holt)
Date: Wed, 23 Sep 2020 11:05:53 -0400
Subject: [Midnightbsd-users] MidnightBSD 1.2.10
Message-ID: <245BF457-0E66-4C1B-9916-AD9EEF1DEF2E@foolishgames.com>

New security update for MidnightBSD.

Description:

udf: Validate the full file entry length

Otherwise a corrupted file entry containing invalid extended attribute
lengths or allocation descriptor lengths can trigger an overflow when
the file entry is loaded.

Discovered by:
C Turt <ecturt at gmail.com>


Lucas Holt
Luke at FoolishGames.com
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)