Get the LinuxSecurity news you want faster with RSS
Powered By
Slackware: 'xlockmore' update
Posted by LinuxSecurity.com Team
A root exploit has been found in xlockmore packaged with Slackware.
A root exploit has been found in xlockmore packaged with Slackware. By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access. Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable xlock
altogether) immediately.
The package described below will work for users of Slackware 7.0, 7.1, and
-current.
===========================================
xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz)
===========================================
A root exploit has been fixed in this release of xlockmore. The new
xlock.tgz package is available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/xlock.tgz
For verification purposes, we provide the following checksums:
16-bit "sum" checksum:
53857 762 x1/xlock.tgz
128-bit MD5 message digest:
ca171919342cd7a3e18a3ac3cd91e252 x1/xlock.tgz
INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE:
---------------------------------------------------
Disable any running xlockmore processes and issue this command:
# upgradepkg xlock.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
