![[LWN Logo]](/images/lwn.banner.gif)
Date: Tue, 16 Feb 1999 16:48:26 -0500
From: Deborah Greenberg Lidl <dgl@NFR.NET>
Subject: NFR Version 2.0 Research: Patch 3 Now Available
To: BUGTRAQ@NETSPACE.ORG
Network Flight Recorder announces the release of the following patch:
Patch Number Applies to Product
------------ ------------------
2.0-p3 NFR Version 2.0.2 Research
The REAMDE for the patch is included below. The patch is available as
a patch file which can be applied to NFR Version 2.0.2 Research, and
as a complete distribution. Both versions are available from
http://www.nfr.net/downloads/
If you have questions about this or other patches, send e-mail to
feedback@nfr.net.
--------
NFR Version 2.0 Patch 3
(nfr-2.0-p3-research.tar)
Apply to:
NFR Version 2.0.2 Research
Recommended Uses:
This security patch is recommended for all users of NFR
Version 2.0.2.
Applying This Patch:
1. Download the patch and place it in the following directory:
~nfr/nfr-2.0.2-research/nfr
2. Untar and apply the patch:
% cd ~nfr/nfr-2.0.2-research/nfr
% tar -xvf nfr-2.0-p3-research.tar
% patch -p0 < patch2.0.3
3. Recompile NFR, using fixmake, make, and make install, as
described in the "Getting Started Guide."
The patch program on some versions of Solaris sometimes fails
silently when applying patches. If the patch process does
not work on your Solaris machine, download and install the
complete distribution (nfr-2.0.2-research-src.tar.Z).
Contents:
This patch is distributed as a tar file, which contains these
files:
README.PATCH this file
patch2.0.3 the patch file
Fixes:
- webd: Buffer overruns in the Web server have been fixed. This fix
addresses a problem recently discussed on the NFR users mailing
list. Because buffer overruns can be used to bypass the security of
software systems, NFR recommends installing this patch to improve the
security of your NFR system.
- webd: The Web server now does a better job at reading all input.
This fix addresses a problem, discussed on the NFR users mailing
list, in which certain browsers on certain operating systems did
not receive all of the data from the Web server.
- alertd: The alert system no longer creates a storm of forked process
when a remote NFR system has lots of alerts queued and cannot
contact the central NFR system. While this code is not exercised
in the research version of the NFR software, the fix is included in
this patch to the research version to maintain consistency in
common sections of the code base.
Deborah
--
Deborah Greenberg Lidl Network Flight Recorder
Director of Communications and Product Management
dgl@nfr.net Phone: 1.301.765.7945
http://www.nfr.net Fax: 1.301.765.7946