Allan Schaffer (allan++at++holodeck.engr.sgi.com)
Thu, 2 Apr 1998 15:58:03 -0800
A security vulnerability was recently discovered in the
performer_tools subsystem shipped with Performer 2.2.
Patch 3018 has been released to address this problem. You can
download this patch for free, regardless of support status, from
Silicon Graphics Security Headquarters:
http://www.sgi.com/Support/security/security.html
The direct path to the security advisory, patch bits, release notes,
and checksums are:
ftp://sgigate.sgi.com/security/19980401-01-P3018
ftp://sgigate.sgi.com/patches/6.2/patch3018.tar
ftp://sgigate.sgi.com/patches/6.2/patch3018.relnotes
ftp://sgigate.sgi.com/patches/6.2/patch3018.pgp.and.chksums
Patch 3018 should be loaded on any system which has the
performer_tools from IRIS Performer 2.2 installed. It is only
necessary with performer_tools 2.2 and cannot be installed on prior
versions of IRIS Performer. Patch 3018 has been tested with IRIS
Performer 2.2 on systems running IRIX 6.2, IRIX 6.3, IRIX 6.4, and
IRIX 6.5.
This patch also contains a few other minor bug fixes to the
performer_tools. Here is the list of what's fixed:
o SCR 581294 - Performer API tool security vulnerability
o SCR 581950 - pfsearch.cgi fails with outbox webserver
o SCR 584224 - pfresults.cgi fails with perl5
o SCR 585820 - wrong title for patch 3004
Patch 3004 was a short-lived predecessor to patch 3018; if you were
one of the few to download patch 3004, be sure to read section 1.5 of
the patch 3018 relnotes.
Allan
----
Allan Schaffer allan++at++sgi.com
Silicon Graphics http://reality.sgi.com/allan
=======================================================================
List Archives, FAQ, FTP: http://www.sgi.com/Technology/Performer/
Submissions: info-performer++at++sgi.com
Admin. requests: info-performer-request++at++sgi.com
This archive was generated by hypermail 2.0b2 on Mon Aug 10 1998 - 17:57:11 PDT