[5814] in bugtraq
Re: Buffer Overruns in RedHat 5.0
daemon@ATHENA.MIT.EDU (Cristian Gafton)
Tue Dec 16 19:42:17 1997
Date: Tue, 16 Dec 1997 15:04:01 -0500
Reply-To: Cristian Gafton <gafton@REDHAT.COM>
From: Cristian Gafton <gafton@REDHAT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <u8k9d5meug.fsf@arthur.rhein-neckar.de>
On Tue, 16 Dec 1997, Andreas Jaeger wrote:

> The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
> (RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
> Wilton.

RedHat will be releasing an updated 2.0.5c RPM - we tried to take care of
most of the sprintf(), strcat() and strcpy(tmp, argv[i]) (!!!) things in
glibc.

I have sent our preliminary security patch to Ulrich for review.

Cristian
--
----------------------------------------------------------------------
Cristian Gafton -- gafton@redhat.com -- Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
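
The strcpy(tmp, argv[i]) / strcat() pattern named in the message above, set beside a bounded replacement. This is an added example, not part of the original post and not the Red Hat or glibc patch; the function name `join_args`, the buffer size and the sample arguments are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern named in the message (shown for contrast, never called):
 *     char tmp[64];
 *     strcpy(tmp, argv[i]);   // no length check: argv[i] is caller-controlled
 *     strcat(tmp, " ");       // writes past the end once tmp is full
 */

/* Bounded replacement (hypothetical helper): joins argv[1..argc-1] with
 * single spaces into dst. Returns the resulting length, or -1 if the result
 * would not fit; dst is then left empty instead of silently truncated. */
int join_args(char *dst, size_t dstsz, int argc, char *const argv[])
{
    size_t used = 0;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';

    for (int i = 1; i < argc; i++) {
        /* snprintf returns the length it needed, excluding the NUL */
        int n = snprintf(dst + used, dstsz - used, "%s%s",
                         i > 1 ? " " : "", argv[i]);
        if (n < 0 || (size_t)n >= dstsz - used) {
            dst[0] = '\0';      /* fail closed on overflow */
            return -1;
        }
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    char tmp[16];
    char *ok[]  = { "prog", "-v", "file.txt" };            /* constructed input */
    char *big[] = { "prog", "AAAAAAAAAAAAAAAAAAAAAAAA" };  /* 24 bytes, too long */

    printf("%d \"%s\"\n", join_args(tmp, sizeof tmp, 3, ok), tmp);
    printf("%d \"%s\"\n", join_args(tmp, sizeof tmp, 2, big), tmp);
    return 0;
}
```

Checking the snprintf() return value against the remaining space is what distinguishes this from a plain bounded copy: the caller learns that the input did not fit and can reject it.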