[3461] in Release_7.7_team
Athena 9.1.15, 9.0.28 security patch release
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Sep 8 16:37:05 2002
Date: Sun, 8 Sep 2002 16:36:56 -0400
Message-Id: <200209082036.QAA27802@error-messages.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@MIT.EDU
Tomorrow night we will be putting out 9.0 and 9.1 patch releases for
Solaris to correct a resolver vulnerability which could be exploited
to gain root access from the network. (This vulnerability has been
known for some time, but Sun did not produce patches until August 26,
and we thought at least 9.1 machines were protected by the local
caching daemon, which it turns out isn't true. See
http://www.cert.org/advisories/CA-2002-19.html for details.)
There are no other changes in this patch release.
If you have a machine set AUTOUPDATE=false, you can update it manually
after the release goes out by doing a console login as root and
running "update_ws".
Please send any questions or comments to release-team@mit.edu.
