Andrew, The glibc "fastbug" is now in the fastbugs area. ftp://ftp.scientificlinux.org/linux/scientific/5x/i386/updates/fastbugs/ ftp://ftp.scientificlinux.org/linux/scientific/5x/x86_64/updates/fastbugs/ -Connie Sieh On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote: > On Sun, 9 Aug 2009, Connie Sieh wrote: > >> On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote: > >> The glibc is already built. I will get it out soon. > > Thanks very much indeed. > >>> https://rhn.redhat.com/errata/RHBA-2009-1202.html >>> or for Firefox 3.0.13 >>> http://www.mozilla.org/security/known-vulnerabilities/firefox30.html >> >> Do not know if the latest firefox that was released 1.5 weeks ago has this >> fix. You can check the changelog on the firefox rpm for the CVE's that it >> fixed. >> rpm -q --changelog firefox > > I'm afraid it just says: > > * Thu Jul 09 2009 Jan Horak <[log in to unmask]> - 3.0.12-1 > - Update to 3.0.12 > > CVE-2009-2404 was reported to Mozilla on 2009-07-15 > (see https://bugzilla.mozilla.org/show_bug.cgi?id=504456) > so I doubt RedHat had sneaked an extra fix in. > > The flaw seems to have been reported at Black Hat > http://www.wired.com/threatlevel/2009/07/kaminsky/ > so I expect attackes will be appearing on websites soon :-( > > I fear that this will require a new Firefox. > >> I am actually on vacation right now and have to checkout of the >> hotel in 5 minutes so do not have time to check for you. > > Have a great holiday. > > Thanks, > > -- > Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge > [log in to unmask] http://www.dpmms.cam.ac.uk/~werdna >