Apache worm released

Gerald Combs gerald at ethereal.com
Mon Jul 1 22:01:44 CDT 2002


On Mon, 1 Jul 2002, Brian Densmore wrote:

> This is why I hate RedHat! They have gotten so much like M$, it's just
> flat out frightening! I can understand them patching the kernel, because
> the patching of the kernel is so screwed up, but to patch everyone
> else's software too! Which of course makes all sorts of 3rd party
> software NOT work on Redhat. You need to get RedHat's versions of
> everything, and if perchance they don't support that particular code,
> you're screwed! Someone needs to slap these people upside the head! Of
> course it may just be I'm having a really crappy Monday! ;')

It's not you.  A while back Red Hat (and other major Linux distributors,
to be fair) released a security update for the UCD SNMP library.  They
happened to change the number and types of arguments passed to the
sprint_objid() function.  They also didn't bother to tell anyone about the
changes, e.g. the UCD SNMP team or anyone who wrote software that called
that function.  The result was that every software package that used that
particular function under Red Hat dumped core whenever it encountered an
SNMP packet.  Red Hat, Mandrake, SuSE, et al still have room for
improvement in their QA practices.



