> If a security patch is required for the C library, this seems to imply
> that all applications compiled against the library require
> recompilation.  Am I mistaken, or do I have a whole lotta work ahead of
> me?

Not unless you have statically linked code that was bad from an old
version of the library. If you have dynamically linked binaries, don't
worry about it (unless symbols have changed, of course).

> Second, since I'm running 6.2, I'm looking for the appropriate patches
> (I've only seen them for 7.0).  Is there some reason why 6.2 would be
> unpatched -- is it, as far as the vulnerabilities fixed by these
> patches go, more secure than 7.0?

Keep in mind that somehow RedHat manages to fix major problems with the
SAME version of the package (just a different RPM release). This has led
me to believe that they really screw the configuration or that they hack
the code themselves.

If only 7.0 is mentioned in the errata, etc, as having a fix, then it was
just the 7.0 package with the problem. If you have 6.2, just keep an eye
on the 6.2 updates as you always should.

> Thanks for your feedback,
>
> cur
>
> ----------
>
>
> Red Hat: 'glibc' vulnerability - 1/11/2001
>
> A couple of bugs in GNU C library 2.2 allow unprivileged user to read restricted
> files and preload libraries in /lib and /usr/lib
> directories into SUID programs even if those libraries have not been marked as such
> by system administrator.
>
> ftp://updates.redhat.com/7.0/i386/glibc-2.2-12.i386.rpm 91b935bfb0d5fb43394d8557fe754bb4
>
> ftp://updates.redhat.com/7.0/i386/glibc-common-2.2-12.i386.rpm b1218c0c2b6f5bd1e161c3158d0418a5
>
> ftp://updates.redhat.com/7.0/i386/glibc-devel-2.2-12.i386.rpm 0d0bc7d1cd31c548e474146a7cdfea51
>
> ftp://updates.redhat.com/7.0/i386/glibc-profile-2.2-12.i386.rpm 9891a9d1967be619ca74a1de5d0b1f63
>
> ftp://updates.redhat.com/7.0/i386/nscd-2.2-12.i386.rpm d56ba6b8f82c92b9a872e7ee94c706a9
>
> Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1045.html
>
>

-- 
-Statux



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
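
Added example, not part of the original thread: one way to find the binaries that fall into the statically linked case the reply describes, by reading ELF program headers. The function names, the three-way classification and the constructed sample input are assumptions of this example; a binary with PT_DYNAMIC but no PT_INTERP (a shared object, for instance) is reported as "unclear" rather than guessed at.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification

def elf_linkage(data: bytes) -> str:
    """Classify file bytes as 'dynamic', 'static', 'unclear' or 'not-elf'."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:
        if len(data) < 64:
            return "not-elf"
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    types = set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):            # truncated file: stop reading
            break
        types.add(struct.unpack_from(end + "I", data, off)[0])  # p_type
    if PT_INTERP in types:
        return "dynamic"   # uses the run-time loader, so it picks up the updated libc
    if PT_DYNAMIC not in types:
        return "static"    # library code was copied in at link time: rebuild candidate
    return "unclear"       # PT_DYNAMIC without PT_INTERP: inspect by hand

def sample_elf32(p_types):
    """Constructed sample input: minimal little-endian ELF32 header + program headers."""
    ehdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                        52, 32, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(28) for t in p_types)

if __name__ == "__main__":
    # Usage: python elf_linkage.py /bin/* /sbin/* /usr/local/bin/*
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as f:
                print(f"{elf_linkage(f.read()):8} {path}")
        except OSError as exc:
            print(f"error    {path}: {exc}")
```

Files reported as "static" are the ones to check against the advisory's affected library version and rebuild if they were linked with it.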