ken at kenmoffat.uklinux.net
Sun Jun 1 15:14:46 PDT 2003
On Sun, 1 Jun 2003, Dagmar d'Surreal wrote:
> On Sun, 2003-06-01 at 15:22, Dagmar d'Surreal wrote:
> > On Wed, 2003-05-28 at 07:51, Jochen Schroeder wrote:
> > > Suse has released a patch for glibc to fix a security hole in the XDR
> > > code, see here for details:
> > > http://www.suse.de/de/security/2003_027_glibc.html
> > Umm... Took them long enough. Glibc-2.3.2 doesn't have this problem.
> ..and more to the point, here's an annotated diff that people should
> start applying to glibc. It was assembled directly from the components
> listed in CERT Advisory CA-2003-10. Since glibc-2.3.2 is not vulnerable
> to this, if you are currently building using the current CVS tree of
> LFS, you don't need to worry about it. Everyone else using any version
> of glibc previous to 2.3.2 (2.3.1, 2.2.5, etc) should apply this patch
> to their glibc sources and rebuild to eliminate the vulnerability from
> their system.
Thanks for this, but the comments don't seem to be in line with your
recommendation to label _where_ tha patch came from, or is it my eyes
Now I'll have to try to understand it, to see whether I trust it ;-)
Live Long or Prosper! No, wait, that wasn't it...
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security