![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Fri, 20 Oct 2000 22:53:13 -0600
From: Kurt Seifried <seifried@SECURITYPORTAL.COM>
Subject: LSLID:2000102004 - Oracle [response from Oracle]
To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM
LSLID:2000102004
[mod note]: they accidently shipped it, and they consider it pre-alpha
software. Whooops, great QA job guys. The good news is a fixed version
should be out next week.
=========
Hi Bugtraq Moderator -
This is in response to the above posting by pask@plazasite.com (Juan
Michael Pascual Escrib). I did try to post online but apparently I need
to register to do this. (Aside - it would be helpful if you had more
readily-apparent information on how exactly one does register to post
online. I could not seem to find this information on the BUGTRAQ site.
Sorry if it WAS obvious and I missed it!)
Oracle's response is as follows:
The Linux version of Oracle Internet Directory (mentioned in the alert)
is not a production release from Oracle; though Oracle Internet
Directory 2.0.6 was never released on Linux, the OID binaries were
accidentally shipped with the 8.1.6 Linux port and apparently install by
default. Our position is that this should be regarded as a "pre alpha"
product, is not supported, and should under no circumstances put into
production in a customer's environment. We apologize for our mistake and
regret and inconvenience this has caused our customers.
We are also reviewing current production releases of OID to ensure that
this problem does not occur in other releases and platforms, and will
provide BUGTRAQ with additional information should the scope of the
problem extend to production versions of product. We appreciates
receiving first notice of any security issues pertaining to any of our
products, and apologize for any delays encountered in responding to
those who reported this one.
Oracle encourages all Linux directory developers to download the
upcoming production version of Oracle Internet Directory, v2.1.1, part
of the Oracle 8.1.7 (8i Release 3) server media pack, from
http://technet.oracle.com/, when it becomes available early next week.
Regards
Mary Ann Davidson
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mary Ann Davidson
Director, Security Product Management
Server Technologies
Oracle Corporation
(650) 506 5464
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No ka moana ku'u mele; no na halu au e hula ai.
"From the ocean comes my song; of the waves I dance my dance."
There is no problem a good day of surfing won't cure.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~