From owner-freebsd-security Thu Feb 6 00:09:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA09220 for security-outgoing; Thu, 6 Feb 1997 00:09:55 -0800 (PST) Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA09186; Thu, 6 Feb 1997 00:09:46 -0800 (PST) Received: (from ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) id AAA10305; Thu, 6 Feb 1997 00:09:44 -0800 (PST) Date: Thu, 6 Feb 1997 00:09:42 -0800 (PST) From: Stranger Bone To: "Jordan K. Hubbard" cc: announce@freebsd.org, first-teams@first.org, freebsd-security-notification@freebsd.org, freebsd-security@freebsd.org Subject: Re: setlocale() bug in all released versions of FreeBSD (SA-97:01) In-Reply-To: <199702060245.SAA26311@time.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 5 Feb 1997, Jordan K. Hubbard wrote: > ============================================================================= > FreeBSD-SA-97:01 Security Advisory > Revised: Wed Feb 05 09:58:56 PDT 1997 FreeBSD, Inc. > > Topic: setlocale() bug in all released versions of FreeBSD > > Category: core > Module: libc > Announced: 1997-02-05 > Affects: FreeBSD 2.1.6 and earlier systems suffer from this > vulnerability for all binaries due to setlocale() being > called from crt0.o. > > Corrected: 1997-02-05 -stable, 1996-11-27 -current and RELENG_2_2 sources > Source: FreeBSD specific bug > FreeBSD only: unknown > > Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:01/ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This directory doesn't appear to exist. Ben "You have your mind on computers, it seems."