-----BEGIN PGP SIGNED MESSAGE-----

Rev. April 1, 1994
Date of last revision: August 12, 1996

Aug. 12, 1996	Updated information for Hewlett-Packard has been added.
		Modified NeXT information.
		Obsoleted information for Cray and IBM has been removed.
July 24, 1996 	Updated rdist version information, see Section II, Subection G.
Feb. 20, 1996   Section II, Subsection G was updated with a new Rdist
		version number (6.1.2).
Feb 8, 1996	Section II, Subsection G, was modified with updated
		information from Michael Cooper.

Note: After we publish checksums in advisories, the checksums may become
      obsolete because the files they refer to have been updated.

......................................................................

I.  Vendors that do not include rdist in their operating system
    distributions:

    Amdahl
    AT&T System V
    Data General DG/UX for AViiON Systems
    Sequent Computer Systems (note they will begin to ship rdist
        in February 1992, but it will be the corrected version)

II. Vendors providing patches:

    A.  Apollo Domain/OS SR10.3 and SR10.3.5 (Fixed in SR10.4)

        a88k PD92_P0316
        m68k PD92_M0384

        HP customers should contact their local response center to obtain
        patches.

    B.  MIPS  RISCos versions 4.50 through 4.52 (not required for 5.0)

        Patches are available via anonymous ftp at ftp.mips.com.
        The file is /pub/rdist.CERT.tar.

    C.  NeXT Computer, Inc.  NeXTstep Release 2.x, 3.x

	The vulnerabilities identified in the CA-91:20.rdist.vulnerability
	have been incorporated into NEXTSTEP 3.x (and later revisions).

        A new version of rdist may be obtained from your
        authorized NeXT Support Center.  If you are an authorized
        support center, please contact NeXT through your normal
        channels.  NeXT also plans to make this new version of
        rdist available on the public NeXT FTP archives.

    D.  Hewlett-Packard HP-UX 10.XX
	
	The rdist vulnerability can be eliminated from releases 10.0,
	10.01, 10.10, and 10.20 of HP-UX by applying the patches mentioned
	below.  HP-UX releases prior to 10.X and after 10.20 (i.e., 10.30)
	are not vulnerable.  HP-UX 9.X is not vulnerable.

	Apply patches PHNE_8107 (series 700/800, HP-UX 10.00 & 10.01)
                  and PHCO_7798 (series 700/800, HP_UX 10.00 & 10.01)
             or patch PHNE_7919 (series 700/800, HP-UX 10.10)
                      PHNE_7920 (series 700/800, HP-UX 10.20)

	All patches are available now, except PHNE_7920 which
        will be available after 8 August.

	See HEWLETT-PACKARD SECURITY BULLETIN: HPSBUX9608-036, 08 Aug 96
	for more details.

    E.  Silicon Graphics   IRIX 3.3.x/4.0 (fixed in 4.0.1)

        Patches may be obtained via anonymous ftp from sgi.com in the
        sgi/rdist directory.

    F.  Solbourne	OS/MP 4.1A	Patch ID P911121003

    G.  Sun Microsystems, Inc.

		SunOS 4.0.3/4.1.1/4.1.2/4.1.3/4.1.3c sun3/sun4 architectures
		PatchID	100383-06

        Patches may be obtained via anonymous ftp from ftp.uu.net (in the
        /systems/sun/sun-dist directory), from ftp.eu.net (in the
	/sun/fixes directory), or from local Sun Answer Centers worldwide.

    H.  Mike Cooper      Rdist version  6.1.3.

	The current official version of rdist
	(Version 6.1.3) is available from


	ftp://usc.edu/pub/rdist/rdist-6.1.3.tar.gz

              MD5 (rdist-6.1.3.tar.gz) = 8a76b880b023c5e648b7cb77b9608b9f



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMg9+l3VP+x0t4w7BAQEpuAP7BlWSXaJUf+QUybqupb1tew30olmpnbPe
GmAVfxYRAFclvJYXWjukJMHRy9qjcvEov5eae9WhDtdl+SHbPjL+G0nuGzwPFJLo
KbNoP2gEp7G8vAe6+zJfaHm7oOeY4DhTk39RMlxkUS9dpR87F2wq7W8UEiRl9QcM
Zjz4LiU85GM=
=kRcV
-----END PGP SIGNATURE-----