Date: Thu, 21 Sep 2000 17:56:48 -0700 (PDT)
From: kris@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/21464: linux_base port installs insecure glibc rpm
Message-ID: <20000922005648.CA93237B440@hub.freebsd.org>

>Number: 21464
>Category: ports
>Synopsis: linux_base port installs insecure glibc rpm
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 21 18:00:02 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Kris Kennaway
>Release:
>Organization:
>Environment:
>Description:
The linux_base port installs an out-of-date RPM which has security
vulnerabilities when used with privileged applications. By default no
such applications are installed by the linux compatibility ports, but
there may be others in the ports tree which I don't know about.

An updated glibc rpm is available but it is only in the redhat 6.2
directories on the redhat mirror sites. The port currently installs
redhat 6.1 rpms, although the newer glibc rpm is apparently suitable
for 6.1 as well.

The redhat advisory is available at
http://www.redhat.com/support/errata/RHSA-2000-057-04.html
which points to the fixed glibc rpm.

I'm not sure if we currently install other vulnerable RPMs - the redhat
security advisories should be checked at
http://www.redhat.com/apps/support/updates.html
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message