[1745] in linux-security and linux-alert archive


[linux-security] Re: Re: Re: Apparent SNMP remote-root vulnerability.

daemon@ATHENA.MIT.EDU (Bryan C. Andregg)
Tue May 12 10:44:45 1998

Date: Tue, 12 May 1998 13:58:47 +0000 (GMT)
From: bryan@redhat.com (Bryan C. Andregg)
To: linux-security@redhat.com
Reply-to: bryan@redhat.com
Resent-From: linux-security@redhat.com

On Tue, 12 May 1998 01:18:38 -0400 (EDT), <jlewis@inorganic5.fdt.net> wrote:
> On Sun, 10 May 1998, Dan Reish wrote:
> > named (from bind-4.9.6-7)
> 
> This has known buffer overruns...unless 4.9.6-7 is a hand fixed job by the
> RedHat people.  ISC released an emergency 4.x (4.9.7, I think) version and
> suggested everyone should really upgrade to 8.1.2T3b.

The bind RPM from our updates tree, bind-4.9.6-7, was patched and released
before any security announcements were made to the general public.

It is possible to check this with,

# rpm -q --changelog bind
Wed Apr 01 1998 Erik Troan <ewt@redhat.com>

- patched serious overflows
[ snipped ]


[mod: Aaron M. Ucko adds: (4.9.6-1.1 is the[ir] fixed libc5 version.) -- REW]


-- 
                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"Hey, wait a minute, you clowns are on dope!"
	-- Owen Cheese in 'Shakes the Clown'
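
The changelog check from the message above, generalised as an added example (not part of the original post and not Red Hat tooling): it lists the changelog entries that mention a security fix, which helps when a backported patch leaves the version number unchanged. The function names and the keyword pattern are assumptions, and the second entry in the sample changelog is constructed.

```shell
#!/bin/sh
# Added example: find security-related entries in `rpm -q --changelog` output.
# Typical use on an RPM-based host:  rpm -q --changelog bind | security_entries

# Keyword pattern is an assumption; adjust it to the advisory being checked.
SEC_PATTERN='overflow|overrun|security|cve-'

# Reads changelog text on stdin; prints "DATE | AUTHOR | CHANGE" per match.
security_entries() {
    awk -v pat="$SEC_PATTERN" '
        # Entry header: optional "* ", weekday, month, day, year, then author.
        /^([*] )?(Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z][a-z] [0-9]+ [0-9]+ / {
            sub(/^[*] /, "")                 # $0 is re-split after this
            date = $1 " " $2 " " $3 " " $4
            author = $0
            sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", author)
            next
        }
        # Change line ("- ...") belonging to the most recent header.
        /^[ \t]*-/ && date != "" {
            if (tolower($0) ~ pat) {
                line = $0
                sub(/^[ \t]*-[ \t]*/, "", line)
                print date " | " author " | " line
            }
        }
    '
}

# Returns 0 if the installed package has a matching entry, 1 otherwise.
has_security_entry() {
    rpm -q --changelog "$1" | security_entries | grep -q .
}

# Sample input: first entry as quoted in the message, second one constructed.
sample_changelog() {
    cat <<'EOF'
Wed Apr 01 1998 Erik Troan <ewt@redhat.com>

- patched serious overflows

* Mon Mar 02 1998 Example Packager <packager@example.com>
- rebuilt against new libc
EOF
}
```

A match only shows that the packager recorded a fix; confirm against the vendor advisory which defect the entry refers to.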


