2 Issues
Wil Cooley
wcooley at nakedape.cc
Thu Aug 5 17:06:46 UTC 2004
I tried to sign-up for a Bugzilla account, but never got the
confirmation e-mail, so I'm posting here in hopes that someone else will
enter them.
1/ The recently released libxml2-python 2.4.19-5.legacy is missing the
Python 2.2 modules:
/usr/lib/python2.2/site-packages/libxml2.py
/usr/lib/python2.2/site-packages/libxml2mod.so
2/ nscd from glibc-2.2.5-44 is vulnerable to DNS cache poisoning. I
don't know how it is when BIND doesn't seem to be affected, but several
times now I've found 'localhost' mapping to an address block assigned to
APNIC. I did a search and a few other people have seen this too.
(There was no specific break-in because my firewall kept things sane.)
You can use 'getent' to check ('host' only does DNS; 'getent' does
NSS-lookups): 'getent hosts localhost'. Workaround: Disable cache for
hosts in /etc/nscd.conf or disable nscd (not a good solution if you're
using NIS/LDAP/SQL/etc).
Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040805/38e8ef97/attachment.sig>
More information about the fedora-legacy-list
mailing list