Andrew,

The glibc "fastbug" is now in the fastbugs area.

ftp://ftp.scientificlinux.org/linux/scientific/5x/i386/updates/fastbugs/
ftp://ftp.scientificlinux.org/linux/scientific/5x/x86_64/updates/fastbugs/

-Connie Sieh


On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote:

> On Sun, 9 Aug 2009, Connie Sieh wrote:
>
>> On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote:
>
>> The glibc is already built.  I will get it out soon.
>
> Thanks very much indeed.
>
>>> https://rhn.redhat.com/errata/RHBA-2009-1202.html
>>> or for Firefox 3.0.13
>>> http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
>>
>> Do not know if the latest firefox that was released 1.5 weeks ago has this
>> fix.  You can check the changelog on the firefox rpm for the CVE's that it
>> fixed.
>>  rpm -q --changelog firefox
>
> I'm afraid it just says:
>
> * Thu Jul 09 2009 Jan Horak <[log in to unmask]> - 3.0.12-1
> - Update to 3.0.12
>
> CVE-2009-2404 was reported to Mozilla on 2009-07-15
> (see https://bugzilla.mozilla.org/show_bug.cgi?id=504456)
> so I doubt RedHat had sneaked an extra fix in.
>
> The flaw seems to have been reported at Black Hat
> 	http://www.wired.com/threatlevel/2009/07/kaminsky/
> so I expect attackes will be appearing on websites soon :-(
>
> I fear that this will require a new Firefox.
>
>>   I am actually on vacation right now and have to checkout of the
>> hotel in 5 minutes so do not have time to check for you.
>
> Have a great holiday.
>
> Thanks,
>
> -- 
> Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
> [log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna
>