[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] libc resolver issue

Subject: Re: [cobalt-security] libc resolver issue
From: "Chris Burton" <chris@xxxxxxxxxxxxxxxxxx>
Date: Wed, 3 Jul 2002 13:35:21 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Well, bind links against it and of course all shell tools which come with
it
> (dig, nslookup et all). I'm not sure what else. For peace of mind I just
> threw a PKG with bind-8.3.3 together, but as Eddy said, upgrading from the
> sources is also easy enough.
>

Doing that is all well and good, but you must not forget about the other
software that is linked staticaly with the affected library itself. On the
reports I have seen this includes sendmail etc... so this is another "zlib
style" security problem. Thats  not fixed by a simple update of one "main"
package.

ChrisB.

--
http://ChrisBurton.info/
http://www.tyneside.lug.org.uk/

Follow-Ups:
- Re: [cobalt-security] libc resolver issue
  - From: Michael Stauber
- Re: [cobalt-security] libc resolver issue
  - From: John Bailey
- Re: [cobalt-security] libc resolver issue
  - From: E.B. Dreger

References:
- Re: [cobalt-security] libc resolver issue
  - From: John Bailey
- Re: [cobalt-security] libc resolver issue
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] FW: Security Patches questions
Next by Date: [cobalt-security] Raq4 Serial Number
Previous by thread: Re: [cobalt-security] libc resolver issue
Next by thread: Re: [cobalt-security] libc resolver issue

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index