A security release for DOSBox 0.74:
- Fixed that a very long line inside a bat file would overflow the parsing buffer. (CVE-2019-7165 by Alexandre Bartel)
- Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when >/ or /proc were (to be) mounted. (CVE-2019-12594 by Alexandre Bartel)
- Several other fixes for out of bounds access and buffer overflows.
- Some fixes to the OpenGL rendering.
It's recommended to use config -securemode when dealing with untrusted files.
Ideally, 0.75 should have been released by now, but some bugs took a lot longer than expected.
https://dosbox.com
沒有留言:
張貼留言