Lsof revisions 4.17 through 4.40 have this patch:

arg.c.patch		Patches: lsof_4.40/arg.c

			Affects: all dialects

			Importance: !!!CRITICAL!!!

			Frequency: depends on -u option specification

			This patch corrects a buffer overflow in
			the processing of -u option login name
			values.  Without this patch a login name
			longer than 9 characters can cause an
			internal buffer overflow and segmentation
			fault.

Vic Abell
February 27, 1999