Argh.
Well, it appears there is a serious problem with libc 4.6.27 and
earlier. Should we upgrade to libc 4.7.4 at this late date? Has
anyone used this version? If so, what have been your experiences?
------- Start of forwarded message -------
Date: Wed, 30 Aug 1995 13:34:54 -0400
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: anarchy@thunder.swansea.linux.org.uk (A.Cox)
Cc: big-linux@netspace.org, bugtraq@crimelab.com, cert@cert.org,
hjl@nynexst.com, torvalds@cs.helsinki.fi,
linux-announce@vger.rutgers.edu, linux-security@tarsier.cv.nrao.edu
Subject: Re: Final analysis of syslog threat under Linux
"AC" == A Cox <anarchy@thunder.swansea.linux.org.uk> writes:
AC> This problem affects most Linux (and probably most unix systems)
AC> and should be acted on immediately. Simply switching to libc4.7.2
AC> will adequately protect almost all users. Note that libc4.7.2 has
AC> some bugs but libc4.7.4 appears more correct. Even though the built
AC> libc4.7.4 is in hjl's private area it should be made available by
AC> all ftp sites ASAP.
I have made a copy of libc-4.7.4 publicly available, for now, in:
ftp://linux.nrao.edu/pub/linux/security/libc-4.7.4/
This version is, as Alan states, not currently a public release; it's
only available in H.J. Lu's "hidden" GCC development area on
tsx-11.mit.edu (and its mirrors, of which linux.nrao.edu is one).
H.J. has given his OK for this "pseudo-release."
--Up.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | jeff.uphoff@linux.org
Charlottesville, VA, USA | http://linux.nrao.edu/~juphoff/
------- End of forwarded message -------
Reply to: