[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Re: Re: Apparent SNMP remote-root vulnerability.

From: bryan redhat com (Bryan C. Andregg)
To: linux-security redhat com
Subject: Re: [linux-security] Re: Re: Apparent SNMP remote-root vulnerability.
Date: Tue, 12 May 1998 13:58:47 +0000 (GMT)

On Tue, 12 May 1998 01:18:38 -0400 (EDT), <jlewis inorganic5 fdt net> wrote:
> On Sun, 10 May 1998, Dan Reish wrote:
> > named (from bind-4.9.6-7)
> 
> This has known buffer overruns...unless 4.9.6-7 is a hand fixed job by the
> RedHat people.  ISC released an emergency 4.x (4.9.7, I think) version and
> suggested everyone should really upgrade to 8.1.2T3b.

The bind RPM from our updates tree, bind-4.9.6-7 was patched and released
before any security announcements were made to the general public.

It is possible to check this with,

# rpm -q --changelog bind
Wed Apr 01 1998 Erik Troan <ewt redhat com>

- patched serious overflows
[ snipped ]


[mod: Aaron M. Ucko adds: (4.9.6-1.1 is the[ir] fixed libc5 version.) -- REW]


-- 
                Bryan C. Andregg * <bandregg redhat com> * Red Hat Software

"Hey, wait a minute, you clowns are on dope!"
	-- Owen Cheese in 'Shakes the Clown'

References:
- Re: [linux-security] Apparent SNMP remote-root vulnerability.
  - From: Dan Reish
- Re: [linux-security] Re: Apparent SNMP remote-root vulnerability.
  - From: Jon Lewis

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]