Re: Buffer Overruns in RedHat 5.0

From: Cristian Gafton (gaftonat_private)
Date: Tue Dec 16 1997 - 12:04:01 PST


    On Tue, 16 Dec 1997, Andreas Jaeger wrote:
    
    > The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
    > (RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
    > Wilton.
    
    RedHat will be releasing an updated 2.0.5c RPM - we tried to take care of
    most of the sprintf(), strcat() and strcpy(tmp, argv[i]) (!!!) things in
    glibc.
    
    I have sent our preliminary security patch to Ulrich for review.
    
    Cristian
    --
    ----------------------------------------------------------------------
    Cristian Gafton   --   gaftonat_private   --   Red Hat Software, Inc.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     UNIX is user friendly. It's just selective about who its friends are.
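
The sprintf(), strcat() and strcpy(tmp, argv[i]) calls named in the message above share one failure mode: nothing checks the size of the destination. The following is an added example, not Red Hat's patch and not code from this thread, showing a bounded replacement for that pattern; `join_args` and the 64-byte `tmp` buffer are hypothetical names and sizes chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe form named in the message: strcpy(tmp, argv[i]) writes past the
 * end of tmp whenever the argument is longer than the buffer.
 *
 * Hardened form: join argv[1..argc-1] with single spaces into a fixed
 * buffer and fail, instead of overflowing or silently truncating, when
 * the result does not fit.
 * Returns the joined length, or -1 if the arguments do not fit. */
int join_args(char *dst, size_t dstsz, int argc, char *const argv[])
{
    size_t used = 0;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';

    for (int i = 1; i < argc; i++) {
        /* C99 snprintf returns the length it needed, so a result >= the
         * remaining space means truncation. Some older C libraries return
         * -1 on truncation instead; the n < 0 test covers that as well. */
        int n = snprintf(dst + used, dstsz - used, "%s%s",
                         i > 1 ? " " : "", argv[i]);
        if (n < 0 || (size_t)n >= dstsz - used) {
            dst[0] = '\0';          /* leave no partial result behind */
            return -1;
        }
        used += (size_t)n;
    }
    return (int)used;
}

int main(int argc, char *argv[])
{
    char tmp[64];                   /* constructed size for the demonstration */

    if (join_args(tmp, sizeof tmp, argc, argv) < 0) {
        fprintf(stderr, "arguments too long\n");
        return 1;
    }
    printf("%s\n", tmp);
    return 0;
}
```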
    


