"userland binary vulnerabilities 20040104-01-P" disappeared? - SGI

This is a discussion on "userland binary vulnerabilities 20040104-01-P" disappeared? - SGI ; Hello, A couple of days ago I received this advisory from Wiretap and installed patch5424. Browsing through the patches at: "ftp://patches.sgi.com/support/free/security/patches/6.5.20/" sometime later, I noticed 5424 is no longer there, plus the advisory is not listed at "http://www.sgi.com/support/security/advisories.html". (you can ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: "userland binary vulnerabilities 20040104-01-P" disappeared?

  1. "userland binary vulnerabilities 20040104-01-P" disappeared?

    Hello,

    A couple of days ago I received this advisory from Wiretap and installed
    patch5424.
    Browsing through the patches at:
    "ftp://patches.sgi.com/support/free/security/patches/6.5.20/" sometime later,
    I noticed 5424 is no longer there, plus the advisory is not listed at
    "http://www.sgi.com/support/security/advisories.html".
    (you can find it on "http://www.net-security.org/advisory.php?id=2928")

    What is the reason?

    -marek

  2. Re: "userland binary vulnerabilities 20040104-01-P" disappeared?

    Marek Zawadzki wrote:

    > A couple of days ago I received this advisory from Wiretap and installed
    > patch5424.
    > Browsing through the patches at:
    > "ftp://patches.sgi.com/support/free/security/patches/6.5.20/" sometime later,
    > I noticed 5424 is no longer there, plus the advisory is not listed at
    > "http://www.sgi.com/support/security/advisories.html".
    > (you can find it on "http://www.net-security.org/advisory.php?id=2928")
    >
    > What is the reason?


    The patch was bad, at least for 6.5.22. Install it on 6.5.22,
    log out and in again and you see why, 4DWM screws up then.

    Best

    Rudi

  3. Re: "userland binary vulnerabilities 20040104-01-P" disappeared?

    On 2004-02-05, Rudi Hoeben wrote:
    > Marek Zawadzki wrote:
    >
    >> A couple of days ago I received this advisory from Wiretap and installed
    >> patch5424.

    [...]
    > The patch was bad, at least for 6.5.22. Install it on 6.5.22,
    > log out and in again and you see why, 4DWM screws up then.


    It's not that bad in my case, but _damn it_, if it breaks something (else),
    shouldn't the SGI inform us about it via Wiretap?!
    Anybody from SGI?

    -marek

    --
    Marek Zawadzki, System Administrator
    Poznan Supercomputing & Networking Center
    http://www.man.poznan.pl/~mzawadzk

  4. Re: "userland binary vulnerabilities 20040104-01-P" disappeared?

    Marek Zawadzki wrote:
    > On 2004-02-05, Rudi Hoeben wrote:
    >> Marek Zawadzki wrote:
    >>
    >>> A couple of days ago I received this advisory from Wiretap and installed
    >>> patch5424.

    > [...]
    >> The patch was bad, at least for 6.5.22. Install it on 6.5.22,
    >> log out and in again and you see why, 4DWM screws up then.


    > It's not that bad in my case, but _damn it_, if it breaks something (else),
    > shouldn't the SGI inform us about it via Wiretap?!
    > Anybody from SGI?


    Apparently they heard you:

    """
    The original patch 5424 had two library mismatches causing 4Dwm to hang
    with rld errors appearing in SYSLOG and problems with gr_osview. New patches
    5473 and 5474 have been released to fix these issues. (SGI BUG 908652)
    """

    Damian Menscher
    --
    -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
    -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc217)333-0038 |#=-
    -=#| www.uiuc.edu/~menscher/ Fax217)333-9819 |#=-
    -=#| The above opinions are not necessarily those of my employers: |#=-
    -=#| UIUC CITES Security Group || Beckman Imaging Technology Group |#=-

  5. Re: "userland binary vulnerabilities 20040104-01-P" disappeared?

    Damian Menscher wrote:
    > Marek Zawadzki wrote:
    >
    >>On 2004-02-05, Rudi Hoeben wrote:
    >>
    >>>Marek Zawadzki wrote:
    >>>
    >>>
    >>>>A couple of days ago I received this advisory from Wiretap and installed
    >>>>patch5424.

    >>
    >>[...]
    >>
    >>>The patch was bad, at least for 6.5.22. Install it on 6.5.22,
    >>>log out and in again and you see why, 4DWM screws up then.

    >
    >
    >>It's not that bad in my case, but _damn it_, if it breaks something (else),
    >>shouldn't the SGI inform us about it via Wiretap?!
    >>Anybody from SGI?

    >
    >
    > Apparently they heard you:
    >
    > """
    > The original patch 5424 had two library mismatches causing 4Dwm to hang
    > with rld errors appearing in SYSLOG and problems with gr_osview. New patches
    > 5473 and 5474 have been released to fix these issues. (SGI BUG 908652)
    > """
    >
    > Damian Menscher

    5474 is now available, which replaces 5424 (for 6.5.21 & 22), should be
    OK...

+ Reply to Thread