Get the LinuxSecurity news you want faster with RSS
Powered By
Slackware: local /tmp vulnerability
Posted by LinuxSecurity.com Team
A local /tmp bug in the /usr/sbin/ppp-off program was found.
A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug
could allow a local user to corrupt system files. A fix has been made and
an updated package is now available in the -current branch.
The package described below will work for users of Slackware 7.0, 7.1, and
-current.
==================================
ppp package updated - (n1/ppp.tgz)
==================================
A local /tmp bug in the /usr/sbin/ppp-off program has been found and
fixed. The new ppp.tgz package is available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/ppp.tgz
For verification purposes, we provide the following checksums:
16-bit "sum" checksum:
60573 191 n1/ppp.tgz
128-bit MD5 message digest:
c879dd34413a5d9cf367640206492852 n1/ppp.tgz
INSTALLATION INSTRUCTIONS FOR THE ppp.tgz PACKAGE:
--------------------------------------------------
Disable any running pppd processes:
# killall pppd
Then issue this command:
# upgradepkg ppp.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
