That might be _an_ answer, but not _the_ answer.
At least not to the question at hand.
The sites you have all been mentioning are just mirrors,
RH mirrors. It is irrelevant whether or not ftp.cdrom.com
is updated, because the kernel in question (2.0.38)
is NOT part of the official RH errata. Until it is,
it will never ever make it into any of the mirrors.
James: I'm surprised that you could upgrade the wuftpd
package with an older version, rpm won't let you do that
unless you (--)force it to. And like I said, checking
the mirror itself is useless, you should first check
the errata page, then go and find the specific file
you're looking for (actually I usually use sunsite at
dk or at uk, not walnut creek, they're mirrored daily
and are fairly fast)
The real issue is that this is a rather serious flaw
in the linux kernel, which is yet to be patched.
Might I remind you all that this was not yet fixed
in 2.0.38 anyhow, so this is all pointless.
Jonathan Ben-Avraham wrote:
>
> The answer is download.xs4all.nl:/pub/mirror/redhat-updates
>
> - yba
>
> On Fri, 10 Dec 1999, James Olin Oden wrote:
>
> > >
> > > What are you talking about?
> > >
> > > RH contrib? Some other site where you can get kernels
> > > packaged as RPMs?
> > >
> > > We're talking about an enterprise environment here,
> > > OFFICIAL RH errata. Whether or not this is the right
> > > way to go, this is where people look.
> > >
> > > Why don't you head on over to
> > > ftp://ftp.cdrom.com/pub/linux/redhat/updates/5.2/i386/
> > > (a respectable RH mirror site, no doubt) and check what kernel version
> > > they have in stock. The site is updated, there is nothing wrong with
> > > it. The official RH errata does indeed contain only kernel 2.0.36.
> > >
> > Actually, when it comes to older realeases such as RH 5.x, then do
> > not expect even ftp.cdrom.com to be upto date. Until about two months
> > ago, one of our servers was running the RH 5.2 distribution. A little
> > before we made the conversion to RH 6.1 yet another exploit was found in
> > the wu-ftpd daemon. At the time, it was really hard to get a connection
> > to updates.redhat.com. So I went looking around for a mirror that still had
> > the RH 5.2 stuff. Well, I got to ftp.cdrom.com and downloaded the wu-ftdp
> > errata file they had, and installed it without checking its version (a
> > VERY dumb thing to do )-: ). Unfortunately, it happened to be something
> > older than the rpm I was already using. This really hosed things as you
> > might imagine. Eventually I got conencted to updates.redhat.com, and
> > downloaded the correct version with the fix for the exploit.
> >
> > The moral is that mirrors often times may have the a distro's early realeases,
> > but they are probably only truely mirroring the current release.
> >
> > ..james
> >
> > > Hetz Ben Hamo wrote:
> > > >
> > > > Well, if YOU CHECK you will find that there are RPM's for kernel 2.0.38
> > > > for redhat 5.x - compiled and ready.
> > > >
> > > > Just rpm -Uvh kernel-2.0.38(whatever the name is) and thats it..
> > > >
> > > > Hetz
> > > >
> > > > Omer wrote:
> > > > >
> > > > > Irrelevant.
> > > > >
> > > > > Most people will not upgrade the kernel on their own
> > > > > to the latest stable version, but rather would only
> > > > > upgrade using the official vendor errata. This is how
> > > > > it is for all of the big-time operating systems, and
> > > > > since Linux is poised to make it to the big time, you
> > > > > have to expect this practice to become a lot more common.
> > > > >
> > > > > To which: Say you're a RH user, using 5.x.
> > > > >
> > > > > You will be using RedHat's errata updated for 5.2.
> > > > >
> > > > > The latest kernel included is 2.0.36, not patched
> > > > > to fix this.
> > > > >
> > > > > Hetz Ben Hamo wrote:
> > > > > >
> > > > > > It fixed long time ago on kernel 2.0.38
> > > > > >
> > > > > > Hetz
> > > > > >
> > > > > > Omer wrote:
> > > > > > >
> > > > > > > This was posted to BugTraq today, and it seemed
> > > > > > > important enough to pass on (even though if you are
> > > > > > > a sysadmin and do not regularly read BT, you might
> > > > > > > deserve what you get).
> > > > > > >
> > > > > > > It's what I'd call a HUGE problem, not
> > > > > > > merely a big problem (unless of course you have
> > > > > > > no local users). In any case, I'd chmod u-s /bin/ping
> > > > > > > immediatly, and be careful not to ping as root (if
> > > > > > > you're not sure you're up to it, better make it
> > > > > > > chmod 000 /bin/ping :)
> > > > > > >
> > > > > > > Message to BT follows...
> > > > > > >
> > > > > > >
>----------------------------------------------------------------------------------------
> > > > > > >
> > > > > > > Eduardo Cruz wrote:
> > > > > > >
> > > > > > > Hello ppl.
> > > > > > >
> > > > > > >
> > > > > > > Last week i was playing with my old linux 2.0.36 i486 box, while i was
> > > > > > > playing with the command ping and trying combinations of commands
> > > > > > > i found that when u do a ping -s 65468 -R ANYIPADDRESS ( -R record
> > > > > > > route) the system starts to print on the screen kernel dumps
> > > > > > > , freezes complitely and after few secconds the system reboots.
> > > > > > >
> > > > > > > The major problem with this (if this is a bug, because i dont have time
> > > > > > > to install differents kernels and test it better) is that command can be
> > > > > > > run by everyone
> > > > > > > because you dont need root permissions to make a -R.
> > > > > > >
> > > > > > > I tested this on a 2.0.35 and .36 (both slackware), when u try to do this
> > > > > > > on a 2.2.x the system prints out "message too long".
> > > > > > > I think the problem is that there is a size-check missed when u reach the
> > > > > > > maximun packet size and u put the route information, but anyway
> > > > > > > i am not a guru on kernels.
> > > > > > >
> > > > > > > So, now is time for the kernel experts :)
> > > > > > >
> > > > > > >
>---------------------------------------------------------------------------
> > > > > > > Eduardo Cruz - [EMAIL PROTECTED]
> > > > > > > Network Administrator
> > > > > > > Telecomm Solutions Group
> > > > > > > Tel: +350 74146 Fax: +350 41781
> > > > > > > ---------------------------------------------------------------
> > > > > > >
> > > > > > > --
> > > > > > > /--------------- Omer Efraim, [EMAIL PROTECTED] ------------------\
> > > > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ]
> > > > > > > [ take a few minutes. If your body stops responding for a long time and ]
> > > > > > > [ there is no brain activity please die. Setup will continue after you ]
> > > > > > > [ are reborn. ]
> > > > > > > \-----------------------------------------------------------------------/
> > > > > > > - Quoting Buzh, asr
> > > > > > >
> > > > > > > =================================================================
> > > > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > > > echo unsubscribe | mail [EMAIL PROTECTED]
> > > > >
> > > > > --
> > > > > /--------------- Omer Efraim, [EMAIL PROTECTED] ------------------\
> > > > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ]
> > > > > [ take a few minutes. If your body stops responding for a long time and ]
> > > > > [ there is no brain activity please die. Setup will continue after you ]
> > > > > [ are reborn. ]
> > > > > \-----------------------------------------------------------------------/
> > > > > - Quoting Buzh, asr
> > > >
> > > > =================================================================
> > > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > echo unsubscribe | mail [EMAIL PROTECTED]
> > >
> > > --
> > > /--------------- Omer Efraim, [EMAIL PROTECTED] ------------------\
> > > [ Microsoft Vaccine 2000 is configuring your immune system. This may ]
> > > [ take a few minutes. If your body stops responding for a long time and ]
> > > [ there is no brain activity please die. Setup will continue after you ]
> > > [ are reborn. ]
> > > \-----------------------------------------------------------------------/
> > > - Quoting Buzh, asr
> > >
> > > =================================================================
> > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail [EMAIL PROTECTED]
> > >
> >
> >
> > =================================================================
> > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail [EMAIL PROTECTED]
> >
>
> EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ TclTek Ltd.
> =}-------------------------------------------------ooO--U--Ooo-----------{=
> - [EMAIL PROTECTED] - tel: +972.52.670.353, http://www.tcltek.co.il -
--
/--------------- Omer Efraim, [EMAIL PROTECTED] ------------------\
[ Microsoft Vaccine 2000 is configuring your immune system. This may ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you ]
[ are reborn. ]
\-----------------------------------------------------------------------/
- Quoting Buzh, asr
S/MIME Cryptographic Signature
