NFR Version 2.0 Research: Patch 3 Now Available

From: Deborah Greenberg Lidl (dglat_private)
Date: Tue Feb 16 1999 - 13:48:26 PST

Next message: Joe Stewart: "Re: ICQ99 crash"

Previous message: Pavel Krauz: "Is switched LAN secure? - New hunt released"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Network Flight Recorder announces the release of the following patch:

        Patch Number            Applies to Product
        ------------            ------------------
        2.0-p3                  NFR Version 2.0.2 Research

The REAMDE for the patch is included below.  The patch is available as
a patch file which can be applied to NFR Version 2.0.2 Research, and
as a complete distribution.  Both versions are available from

        http://www.nfr.net/downloads/

If you have questions about this or other patches, send e-mail to
feedbackat_private

--------

NFR Version 2.0 Patch 3
(nfr-2.0-p3-research.tar)

Apply to:

        NFR Version 2.0.2 Research

Recommended Uses:

        This security patch is recommended for all users of NFR
        Version 2.0.2.

Applying This Patch:

        1. Download the patch and place it in the following directory:

           ~nfr/nfr-2.0.2-research/nfr

        2. Untar and apply the patch:

           % cd ~nfr/nfr-2.0.2-research/nfr
           % tar -xvf nfr-2.0-p3-research.tar
           % patch -p0 < patch2.0.3

        3. Recompile NFR, using fixmake, make, and make install, as
           described in the "Getting Started Guide."

        The patch program on some versions of Solaris sometimes fails
        silently when applying patches.  If the patch process does
        not work on your Solaris machine, download and install the
        complete distribution (nfr-2.0.2-research-src.tar.Z).

Contents:

        This patch is distributed as a tar file, which contains these
        files:

        README.PATCH                    this file
        patch2.0.3                      the patch file

Fixes:

- webd: Buffer overruns in the Web server have been fixed.  This fix
  addresses a problem recently discussed on the NFR users mailing
  list.  Because buffer overruns can be used to bypass the security of
  software systems, NFR recommends installing this patch to improve the
  security of your NFR system.

- webd: The Web server now does a better job at reading all input.
  This fix addresses a problem, discussed on the NFR users mailing
  list, in which certain browsers on certain operating systems did
  not receive all of the data from the Web server.

- alertd: The alert system no longer creates a storm of forked process
  when a remote NFR system has lots of alerts queued and cannot
  contact the central NFR system.  While this code is not exercised
  in the research version of the NFR software, the fix is included in
  this patch to the research version to maintain consistency in
  common sections of the code base.

Deborah
--
Deborah Greenberg Lidl                        Network Flight Recorder
           Director of Communications and Product Management
dglat_private                                     Phone: 1.301.765.7945
http://www.nfr.net                                Fax: 1.301.765.7946

Next message: Joe Stewart: "Re: ICQ99 crash"
Previous message: Pavel Krauz: "Is switched LAN secure? - New hunt released"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:12 PDT