We have contacted Davide Del Vecchio and confirmed that the
the buffer overflow in disable(1) does not occur with the
patches recommended in HPSBUX0208-213, which says in part:
-----------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-213
Originally issued: 26 Aug 2002
-----------------------------------------------------------------
------------------------------------------------------------------
PROBLEM: Potential buffer overflows in lp subsystem
Please send any questions to security-alert (at) hp (dot) com. [email concealed]
Yours truly,
SOFTWARE SECURITY RESPONSE TEAM (SSRT)
Hewlett-Packard Company
HP Services
Join our (pre-merger) HP SECURITY BULLETIN MAILING LIST!
http://itrc.hp.com
In the left most frame select "Maintenance and Support"
Under the "Notifications" section (near the bottom of the page),
select "Support Information Digests".
We have contacted Davide Del Vecchio and confirmed that the
the buffer overflow in disable(1) does not occur with the
patches recommended in HPSBUX0208-213, which says in part:
-----------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-213
Originally issued: 26 Aug 2002
-----------------------------------------------------------------
------------------------------------------------------------------
PROBLEM: Potential buffer overflows in lp subsystem
PLATFORM: HP9000 Servers running HP-UX releases 10.20, 11.00, and
11.11 (11i).
DAMAGE: Potential denial of service to lp subsystem,
SOLUTION: Install the applicable patch for the OS release:
HP-UX 10.20 PHCO_27133,
HP-UX 11.00 PHCO_27132,
HP-UX 11.11 PHCO_27020.
MANUAL ACTIONS: none
AVAILABILITY: The patches are available now on itrc.hp.com.
------------------------------------------------------------------
Please send any questions to security-alert (at) hp (dot) com. [email concealed]
Yours truly,
SOFTWARE SECURITY RESPONSE TEAM (SSRT)
Hewlett-Packard Company
HP Services
Join our (pre-merger) HP SECURITY BULLETIN MAILING LIST!
http://itrc.hp.com
In the left most frame select "Maintenance and Support"
Under the "Notifications" section (near the bottom of the page),
select "Support Information Digests".
JOIN OUR (pre-merger) COMPAQ CUSTOMER SECURITY BULLETIN MAILING
LIST!
http://www.support.compaq.com/patches/mailing-list.shtml
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQCVAwUBPk1LKkb+N2sIuD1FAQH5GAP/eFlIR+reuyR2bzb4Axuldj5zZfohLT/S
IRnRsa7Yo2OoPNcdgQH/vMSKc9T6z4UCqZum/0gYHZIKurOEcb0eQ++op+gL3sOx
Cy8uMSQC7Md8bk2IMCACJoiGKasnyeyZ8DlMT3GXyzu5G00at69DMaBIEma3AbzW
QRoVs4ZUDr8=
=oGd6
-----END PGP SIGNATURE-----
[ reply ]