Date: Mon, 1 Jul 2002 13:22:34 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: Brett Glass <brett@lariat.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: resolv and dynamic linking to compat libc
Message-ID: <20020701182234.GO8128@madman.nectar.cc>
In-Reply-To: <4.3.2.7.2.20020701120628.023147e0@localhost>
References: <3D1AA5F2.9020305@ca.com> <3D1AA5F2.9020305@ca.com> <4.3.2.7.2.20020701120628.023147e0@localhost>

On Mon, Jul 01, 2002 at 12:14:00PM -0600, Brett Glass wrote:
> At 11:53 AM 7/1/2002, Jacques A. Vidrine wrote:
>
> >No, I'm afraid not. libc.so.3 will not be rebuilt in the usual sense
> >of the word, thus leaving binaries that link against it vulnerable.
>
> In that case, has the binary package including it been taken offline?

No.

> It's unethical to leave it where it might be downloaded.

Gee, I guess we better get cracking to take offline every previous
version of libc, too --- which would mean every version of FreeBSD and
who knows what else. Hmm, and any applications that may have been
statically linked with any of them.

How about you help out by enumerating every copy on the Internet,
along with contact information for each? That would be much
appreciated.

Thanks.
--
Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message