dagmar.wants at nospam.com
Sat Jun 14 17:23:11 PDT 2003
On Fri, 2003-06-13 at 04:11, Marnix Kaart wrote:
> On Sunday 01 June 2003 22:22, Dagmar d'Surreal wrote:
> > On Wed, 2003-05-28 at 07:51, Jochen Schroeder wrote:
> > > Suse has released a patch for glibc to fix a security hole in the XDR
> > > code, see here for details:
> > > http://www.suse.de/de/security/2003_027_glibc.html
> > Umm... Took them long enough. Glibc-2.3.2 doesn't have this problem.
> I have no RPC based services running on my machine, so I am assuming that I am
> not vulnerable to this specific problem (I am a bit hesitant on recompiling
> glibc). Any confirmation on this?
Your installation is not vulnerable to _remote_ exploits using the XDR
code. However, it may be vulnerable to exploitation by local users. It
is also a very bad practice to leave known flawed code installed on
Seriously tho. If you follow the ch6 instructions, compiling
glibc-2.3.2 is no different from 2.3.1. No chrooting needed. If
everything passes the self-tests (make check or make test, can't
remember right now and I script it anyway) there's only an infinitesimal
chance something could go wrong moving from glibc-2.3.1 to glibc-2.3.2.
The email address above is just as phony as it looks, and for obvious reasons.
Instant messaging contact nfo: AIM: evilDagmar Jabber: evilDagmar at jabber.org
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security