[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] libc resolver issue
- Subject: Re: [cobalt-security] libc resolver issue
- From: "Chris Burton" <chris@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Jul 2002 13:35:21 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Well, bind links against it and of course all shell tools which come with
it
> (dig, nslookup et all). I'm not sure what else. For peace of mind I just
> threw a PKG with bind-8.3.3 together, but as Eddy said, upgrading from the
> sources is also easy enough.
>
Doing that is all well and good, but you must not forget about the other
software that is linked staticaly with the affected library itself. On the
reports I have seen this includes sendmail etc... so this is another "zlib
style" security problem. Thats not fixed by a simple update of one "main"
package.
ChrisB.
--
http://ChrisBurton.info/
http://www.tyneside.lug.org.uk/