|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] OpenServer 5.0.x : Samba security update available avaliable for download.
Valdis.Kletnieks
vt.edu
Date: Fri Aug 15 2003 - 23:22:19 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 15 Aug 2003 17:04:03 PDT, securitysco.com said:
1) Subject line says "Samba security update available" - this is a *metamail* avisory.
> Subject: UnixWare 7.1.2 Open UNIX 8.0.0 UnixWare 7.1.1 UnixWare
7.1.2 : exploitable buffer overrun in metamail
> Advisory number: CSSA-2003-SCO.15
> Issue date: 2003 August 15
From the changelog for the RedHat metamail package:
* Tue Jun 23 1998 Alan Cox <alanredhat.com>
- Here we go again. One more quoting issue.
* Mon Jun 22 1998 Alan Cox <alanredhat.com>
- If you want to know how not to write secure software
then metamail is a good worked example. Mind you to
be fair the original author wrote it as a prototype
MIME tool and it stuck. Anyway it might actually be
safe now. More from the Linux Security Audit Project.
* Tue Jun 16 1998 Alan Cox <alanredhat.com>
- Round and round the tmp fixes go
Where they stop nobody knows
- More holes in metamail fixed - (Linux Security Audit Project)
When you take *5 years* to get the fix out the door, could you at least
take the time to get the *SUBJECT* of the e-mail right????
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE/PbF7cC3lWbTT17ARAhqiAJ4hWMWDS1jG46LMPzZGiJwRfFnF+gCg8KKh
pJW9aaaHk64LOfUADhrSMzc=
=T4+2
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]