Updated Webalizer packages which fix an obscure buffer overflow bug in the DNS resolver code are available for Red Hat Linux 7.2.
The Webalizer is a Web server log file analysis program which produces detailed usage reports in HTML format. A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. Red Hat Linux 7.2 shipped with Webalizer 2.01-9, which is vulnerable to this issue. Users of Webalizer on Red Hat Linux 7.2 are advised to upgrade to these errata packages, which contain Webalizer version 2.01-09 with backported security and bug fix patches.
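The defensive pattern for the bug class described above, as an added example that is not Webalizer's code or part of the errata packages: a name returned by a reverse DNS lookup is remote-controlled input, so it is validated and copied with an explicit bound, falling back to the numeric address when it is malformed or does not fit. The buffer size HOST_BUF and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF 64 /* hypothetical fixed buffer size, not taken from Webalizer */

/* Accept only plausible DNS text: 1..253 chars, labels of 1..63 chars,
   made of letters, digits, '-', '_' and separated by single dots. */
static int hostname_is_sane(const char *name)
{
    size_t len = strlen(name), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0) return 0;      /* empty label or leading dot */
            label = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label > 63) return 0;    /* label longer than DNS allows */
        } else {
            return 0;                      /* control or non-hostname byte */
        }
    }
    return 1;
}

/* Store the resolved name in dst (dst_len bytes) only if it is sane and fits
   with its terminator; otherwise store the numeric address text instead.
   Returns 1 when the hostname was stored, 0 on fallback. */
int store_resolved_name(char *dst, size_t dst_len,
                        const char *resolved, const char *ip_text)
{
    if (dst == NULL || dst_len == 0) return 0;
    if (resolved != NULL && hostname_is_sane(resolved) && strlen(resolved) < dst_len) {
        memcpy(dst, resolved, strlen(resolved) + 1);
        return 1;
    }
    snprintf(dst, dst_len, "%s", ip_text); /* bounded, always NUL-terminated */
    return 0;
}

int main(void)
{
    char host[HOST_BUF];
    /* Constructed sample input: a documentation-range address and name. */
    int ok = store_resolved_name(host, sizeof host, "crawler.example.net", "192.0.2.10");
    printf("%d %s\n", ok, host);
    return 0;
}
```

The length test uses the destination's real size rather than an assumed maximum hostname length, so a later change to HOST_BUF cannot reintroduce the overflow.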