Hello !
maybe I've missed some discussions in this list. But can anybody from SuSE make a statement whether the SuSE distributions are vulnerable by the latest xdrmem_getbytes() integer overflow or not.
--> Quote from the last (sendmail) security announcement: 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - glibc SuSE Security is working on glibc updates for the RPC XDR integer overflow security problem in glibc. The central function of the glibc package in a Linux system requires extensive testing of the update packages. The update packages will be provided for download at the usual location and publically announced as soon as the testing is completed successfully. So, yes, SuSE is vulnerable and the SuSE people are working on the solution ! Thanks SuSE ! Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50