Re: Final analysis of syslog threat under Linux

[juphoff () tarsier cv nrao edu (Jeff Uphoff)]

"AC" == A Cox <anarchy () thunder swansea linux org uk> writes:

AC>     This problem affects most Linux (and probably most unix systems)
AC> and should be acted on immediately. Simply switching to libc4.7.2
AC> will adequately protect almost all users. Note that libc4.7.2 has
AC> some bugs but libc4.7.4 appears more correct. Even though the built
AC> libc4.7.4 is in hjl's private area it should be made available by
AC> all ftp sites ASAP.

I have made a copy of libc-4.7.4 publicly available, for now, in:
ftp://linux.nrao.edu/pub/linux/security/libc-4.7.4/

This version is, as Alan states, not currently a public release; it's
only available in H.J. Lu's "hidden" GCC development area on
tsx-11.mit.edu (and its mirrors, of which linux.nrao.edu is one).
H.J. has given his OK for this "pseudo-release."

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoff () nrao edu
National Radio Astronomy Observatory  |  jeff.uphoff () linux org
Charlottesville, VA, USA              |  http://linux.nrao.edu/~juphoff/