Updated Webalizer packages are available for Red Hat Linux Advanced Server 2.1 which fix an obscure buffer overflow bug in the DNS resolver code. [Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1
Webalizer is a Web server log file analysis program which produces detailed usage reports in HTML format. A buffer overflow in Webalizer versions prior to 2.01-10, when configured to use reverse DNS lookups, may allow remote attackers to execute arbitrary code by connecting to the monitored Web server from an IP address that resolves to a long hostname. Users of Webalizer are advised to upgrade to these errata packages which contain Webalizer version 2.01-09 with backported security and bug fix patches.