[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 149-1] New glibc packages fix security related problems

On Tue, Aug 13, 2002 at 06:28:01PM -0500, Paul Baker wrote:
> 
> On Tuesday, August 13, 2002, at 03:21 AM, Martin Schulze wrote:
> >
> >- 
> >--------------------------------------------------------------------------
> >Debian Security Advisory DSA 149-1                     
> >security@debian.org
> >http://www.debian.org/security/                             Martin 
> >Schulze
> >August 13th, 2002
> >- 
> >--------------------------------------------------------------------------
> >
> >Package        : glibc
> >Vulnerability  : integer overflow
> >Problem-Type   : remote
> >Debian-specific: no
> >CVE Id         : CAN-2002-0391
> >CERT advisory  : VU#192995
> 
> Anyone aware of any particular daemon's that need to be restarted just 
> to be safe? I'd rather not have to type in the SSL passphrase for 
> apache+mod_ssl if I don't have to.

 The advisory said the overflow was "in the RPC library", so things like NFS
and NIS and stuff with origins at Sun might be using that.  Apache shouldn't
be vulnerable unless there are some modules that use RCP stuff.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: