glibc vulnerability

Ken Moffat ken at kenmoffat.uklinux.net
Sun Jun 1 15:14:46 PDT 2003


On Sun, 1 Jun 2003, Dagmar d'Surreal wrote:

> On Sun, 2003-06-01 at 15:22, Dagmar d'Surreal wrote:
> > On Wed, 2003-05-28 at 07:51, Jochen Schroeder wrote:
> > > Suse has released a patch for glibc to fix a security hole in the XDR
> > > code, see here for details:
> > > http://www.suse.de/de/security/2003_027_glibc.html
> >
> > Umm... Took them long enough.  Glibc-2.3.2 doesn't have this problem.
>
> ..and more to the point, here's an annotated diff that people should
> start applying to glibc.  It was assembled directly from the components
> listed in CERT Advisory CA-2003-10.  Since glibc-2.3.2 is not vulnerable
> to this, if you are currently building using the current CVS tree of
> LFS, you don't need to worry about it.  Everyone else using any version
> of glibc previous to 2.3.2 (2.3.1, 2.2.5, etc) should apply this patch
> to their glibc sources and rebuild to eliminate the vulnerability from
> their system.
>
 Thanks for this, but the comments don't seem to be in line with your
recommendation to label _where_ tha patch came from, or is it my eyes
failing ?

 Now I'll have to try to understand it, to see whether I trust it ;-)

Ken
-- 
Live Long or Prosper! No, wait, that wasn't it...
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list