Slackware: 'xlockmore' update
Summary
Where Find New Packages
MD5 Signatures
Installation Instructions
A root exploit has been found in xlockmore packaged with Slackware. By providing a carefully crafted display variable to xlock, it is possible for a local attacker to gain root access. Anyone running xlock on a public machine should upgrade to this version of xlock (or disable xlock altogether) immediately. The package described below will work for users of Slackware 7.0, 7.1, and -current. ========================================== xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz) ========================================== A root exploit has been fixed in this release of xlockmore. The new xlock.tgz package is available from: For verification purposes, we provide the following checksums: 16-bit "sum" checksum: 53857 762 x1/xlock.tgz 128-bit MD5 message digest: ca171919342cd7a3e18a3ac3cd91e252 x1/xlock.tgz INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE: --------------------------------------------------- Disable any running xlockmore processes and issue this command: # upgradepkg xlock.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team The Slackware Linux Project