From owner-freebsd-security Wed Sep 17 11:14:43 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA29359 for security-outgoing; Wed, 17 Sep 1997 11:14:43 -0700 (PDT) Received: from ns.mt.sri.com (SRI-56K-FR.mt.net [206.127.65.42]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA29354 for ; Wed, 17 Sep 1997 11:14:40 -0700 (PDT) Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.7/8.8.7) with ESMTP id MAA29341; Wed, 17 Sep 1997 12:14:32 -0600 (MDT) Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id MAA07110; Wed, 17 Sep 1997 12:14:29 -0600 (MDT) Date: Wed, 17 Sep 1997 12:14:29 -0600 (MDT) Message-Id: <199709171814.MAA07110@rocky.mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Simon Shapiro Cc: freebsd-security@freebsd.org Subject: Re: FW: CERT Advisory CA-97.23 - rdist (fwd) In-Reply-To: References: X-Mailer: VM 6.29 under 19.15 XEmacs Lucid Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Simon Shapiro writes: > I know we have a (much) superior O/S, but it never hurts to ask. Right? > > Simon Did you read the advisory? .... > B. Obtain and install the appropriate patch > > Below is a list of vendors who have provided information for this > advisory. Details are in Appendix A, and we will update the appendix > as we receive more information. > ... > FreeBSD, Inc. ... > FreeBSD, Inc. > ============= > 2.1.0 is vulnerable. > 2.1.5, 2.1.6 and 2.1.7 are and 2.1-stable are not. In any case, upgrading > to 2.1.7 or even better, 2.1-stable should be considered. > If there is demand, we'll release a patch for 2.1.0 > > All 2.2 releases, 2.2-stable and FreeBSD-current are not vulnerable. *Sheesh*, how more obvious can it be? Nate