I tried to sign-up for a Bugzilla account, but never got the
confirmation e-mail, so I'm posting here in hopes that someone else will
enter them.
1/ The recently released libxml2-python 2.4.19-5.legacy is missing the
Python 2.2 modules:
/usr/lib/python2.2/site-packages/libxml2.py
/usr/lib/python2.2/site-packages/libxml2mod.so
2/ nscd from glibc-2.2.5-44 is vulnerable to DNS cache poisoning. I
don't know how it is when BIND doesn't seem to be affected, but several
times now I've found 'localhost' mapping to an address block assigned to
APNIC. I did a search and a few other people have seen this too.
(There was no specific break-in because my firewall kept things sane.)
You can use 'getent' to check ('host' only does DNS; 'getent' does
NSS-lookups): 'getent hosts localhost'. Workaround: Disable cache for
hosts in /etc/nscd.conf or disable nscd (not a good solution if you're
using NIS/LDAP/SQL/etc).
Wil
--
Wil Cooley wcooley@xxxxxxxxxxx
Naked Ape Consulting http://nakedape.cc
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
