On Tue, Aug 13, 2002 at 06:28:01PM -0500, Paul Baker wrote: > > On Tuesday, August 13, 2002, at 03:21 AM, Martin Schulze wrote: > > > >- > >-------------------------------------------------------------------------- > >Debian Security Advisory DSA 149-1 > >[EMAIL PROTECTED] > >http://www.debian.org/security/ Martin > >Schulze > >August 13th, 2002 > >- > >-------------------------------------------------------------------------- > > > >Package : glibc > >Vulnerability : integer overflow > >Problem-Type : remote > >Debian-specific: no > >CVE Id : CAN-2002-0391 > >CERT advisory : VU#192995 > > Anyone aware of any particular daemon's that need to be restarted just > to be safe? I'd rather not have to type in the SSL passphrase for > apache+mod_ssl if I don't have to.
The advisory said the overflow was "in the RPC library", so things like NFS and NIS and stuff with origins at Sun might be using that. Apache shouldn't be vulnerable unless there are some modules that use RCP stuff. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
