Bugtraq mailing list archives

Re: Buffer Overruns in RedHat 5.0


From: gafton () REDHAT COM (Cristian Gafton)
Date: Tue, 16 Dec 1997 15:04:01 -0500


On Tue, 16 Dec 1997, Andreas Jaeger wrote:

> The appended patch should fix the Buffer Overrun in GNU libc 2.0.x
> (RedHat 5.0 contains glibc 2.0.5c). Thanks for pointing out the bug,
> Wilton.

RedHat will be releasing an updated 2.0.5c RPM - we tried to take care of
most of the sprintf(), strcat() and strcpy(tmp, argv[i]) (!!!) things in
glibc.

I have sent our preliminary security patch to Ulrich for review.

Cristian
--
----------------------------------------------------------------------
Cristian Gafton   --   gafton () redhat com   --   Red Hat Software, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 UNIX is user friendly. It's just selective about who its friends are.
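
Added example, not part of the original message and not Red Hat's patch: bounded replacements for the three call patterns the message names (sprintf(), strcat() and strcpy(tmp, argv[i])), each rejecting oversized input instead of writing past the buffer. The helper names, the 64-byte buffer and the "%s/%s" format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pattern named in the message (unbounded; overruns tmp when the
 * argument is longer than the buffer):
 *     char tmp[64]; strcpy(tmp, argv[i]);
 * The helpers below are hypothetical names, not glibc functions. */

/* Bounded stand-in for strcpy(dst, src): 0 on success, -1 if src does not fit. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;               /* refuse rather than truncate silently */
    memcpy(dst, src, n + 1);     /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Bounded stand-in for strcat(dst, src); dst is left unchanged on failure. */
int append_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL)             /* dst is not terminated inside its bounds */
        return -1;
    size_t used = (size_t)(end - dst);
    return copy_checked(dst + used, dstsz - used, src);
}

/* Bounded stand-in for sprintf(dst, "%s/%s", dir, name). */
int join_path_checked(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;  /* n >= dstsz: truncated */
}

int main(int argc, char **argv)
{
    char tmp[64];                /* assumed size, for illustration */
    for (int i = 1; i < argc; i++) {
        if (copy_checked(tmp, sizeof tmp, argv[i]) != 0) {
            fprintf(stderr, "argument %d too long, rejected\n", i);
            return 1;
        }
        printf("arg %d: %s\n", i, tmp);
    }
    return 0;
}
```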


