[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000

Subject: Re: [cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000
From: Jeff Lovell <jlovell@xxxxxxxxxx>
Date: Sun Apr 2 12:33:10 2000

Tony wrote:
> 
> 2.97 appears to have been released after the 2.9 mentioned in the global
> announce sent out by Thomas Oh.
> These are two different patches right?

Yes, just as 2.94 is a separate patch.  And as a further note, 2.97 has
NOT
been released.  But I will go through and explain that to you below.

> Cobalt I really wish you'd get your sh*t together and teach your departments
> how to communicate with each other so that
> official information comes from just ONE damn source.

Ok, you need to sit back, chill out, and re-read this Advisory.  I'll
step through it with you so I can clear up some mis-understanding.

> > Cobalt Networks -- Security Advisory -- 03.31.2000
> >
> > Problem:
> > RaQ2 and RaQ3 allow remote users to view the contents of
> > an .htaccess file contained within a public website.

This explains the problem.

> > Relevant products and architectures
> > Product         Architecture            Vulnerable
> > Qube1           MIPS                    No
> > Qube2           MIPS                    No
> > RaQ1            MIPS                    No
> > RaQ2            MIPS                    Yes
> > RaQ3            x86                     Yes

This tells you what architectures are affected.

> > If your system is at risk you can you can downloaded the relevant
> > package and install it.  These are beta versions of the packages, Cobalt
> > is currently testing these packages.

You need to re-read this paragraph.  It seems you didn't get this far
in reading it before you decided to complain.

> > RaQ 2 -
> > ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ2-All-
> > Security-Point-2.97.pkg
> >
> > RaQ 3 -
> > ftp://ftp.cobaltnet.com/pub/experimental/security/apache/RaQ3-All-
> > Security-Point-2.4.pkg

We even put them into an "experimental" directory so it is clearer.

> > If you experience any problems with these packages please email
> > jlovell@xxxxxxxxxx or security@xxxxxxxxxxx

This tells you to email me if you decided to install this and see
any problems with it.

I hope this clears up any confusion you have had with this announcement.

Jeff

References:
- [cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000
  - From: Tony

Prev by Date: [cobalt-users] Qube2 64/12.1- $1400
Next by Date: Re: [cobalt-users] I want Web mail on Cobalt Raq 2 howto
Previous by thread: [cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000
Next by thread: Re: [cobalt-users] FW: [ Cobalt ] Security Advisory -- 03.31.2000

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index