Re: libc (again)
Ian Murdock wrote:
> From: andrew@kryten.it.com.au (Andrew Howell)
> Date: Wed, 13 Sep 1995 00:32:18 +0800 (WST)
>
> > On the one hand, if we release Debian 0.93 with libc 4.6.27, we are
> > releasing a system with an exploitable and (now) well-known security
> > hole. On the other hand, if we release Debian 0.93 with libc 4.7.4,
> > we are releasing a system with a new and unreleased (!) library that
> > cannot compile Motif programs and that has seen little practical use.
> >
> > What in the world should we do about this!?! Any ideas?
>
> Like it's been suggested before, try and patch 4.6.27 to fix the
> security hole.
>
> I'm afraid I don't have time to do this. Would anyone be interested
> in looking at this possiblity? I've been told its impossible, but I
> don't see why it would be.
There is a fixed version at sunsite (/pub/Linux/libs). Maybe you should
ask the author of the patch. Here is the lsm file:
Begin3
Title: Linux LIBC 4.6.27 with SYSLOG security patch
Version: 1 September 1995
Entered-date: 5 September 1995
Description: Linux LIBC 4.6.27 with SYSLOG security patch -- see README!
Keywords: libc, syslog, security
Author: Leonard N. Zubkoff <lnz@dandelion.com> (SYSLOG patch only)
Maintained-by: N/A
Primary-site: sunsite.unc.edu:/pub/Linux/Incoming/libc-4.6.27-syslog-fix.tar.gz
Alternate-site:
Original-site:
Platform:
Copying-policy: GPL
End
Peter
--
Peter Tobias EMail:
Fachhochschule Ostfriesland tobias@et-inf.fho-emden.de
Fachbereich Elektrotechnik und Informatik tobias@perseus.fho-emden.de
Constantiaplatz 4, 26723 Emden, Germany
Reply to: