Hi, Thanks for the comments.
Ah, I see your in-depth post on Bugtraq now (-; http://msgs.securepoint.com/cgi-bin/get/bugtraq0207/39/1.html >From your Bugtraq post, I got the impression that since I haven't changed the defaults in /etc/nsswitch.conf -- i.e. my networks: line is: networks: files I shouldn't have anything to worry about at the moment. Does that sound right? I presume though that updated libc6 packages are being worked on -- Can anyone comment on this? P.S. This recent string of problems: Apache chunk OpenSSH libc resolver / BIND mod_ssl Samba (haven't seen this in English news yet) in such a short period is the worst (in the sense of each of the problems being in fairly widely used packages and the problems being serious) I've experienced in my 7-8 years of system administration. I've been dreading what the rest of "summer vacation" has in store for us... From: Florian Weimer Subject: Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Date: Thu, 04 Jul 2002 08:40:31 +0200 > [EMAIL PROTECTED] writes: > > > I see a claim that glibc isn't vulnerable at: > > > > http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/AAMN-5BMSW2 > > > > Any comments? > > GNU libc in its current version does contain incorrect code from BIND > 4.9. It is vulnerable, though not in the way initially described by > PINE-CERT. However, most vendors (including, for example, OpenBSD) > have fixed the same vulnerability while adressing the main issues > raised by PINE-CERT. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]