> The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
> (RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
> Wilton.
RedHat will be releasing an updated 2.0.5c RPM - we tried to take care of
most of the sprintf(), strcat() and strcpy(tmp, argv[i]) (!!!) things in
glibc.
I have sent our preliminary security patch to Ulrich for review.
Cristian
-- 
----------------------------------------------------------------------
Cristian Gafton -- gafton@redhat.com -- Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.