Slackware: 'xlockmore' update
Posted by LinuxSecurity.com Team   
Slackware A root exploit has been found in xlockmore packaged with Slackware.

A root exploit has been found in xlockmore packaged with Slackware.  By
providing a carefully crafted display variable to xlock, it is possible
for a local attacker to gain root access.  Anyone running xlock on a
public machine should upgrade to this version of xlock (or disable xlock
altogether) immediately.

The package described below will work for users of Slackware 7.0, 7.1, and
-current.


   ===========================================
   xlockmore 4.17.2 AVAILABLE - (x1/xlock.tgz)
   ===========================================

      A root exploit has been fixed in this release of xlockmore.  The new
      xlock.tgz package is available from:

         
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/x1/xlock.tgz

      For verification purposes, we provide the following checksums:

         16-bit "sum" checksum:
         53857   762   x1/xlock.tgz

         128-bit MD5 message digest:
         ca171919342cd7a3e18a3ac3cd91e252  x1/xlock.tgz


      INSTALLATION INSTRUCTIONS FOR THE xlock.tgz PACKAGE:
      ---------------------------------------------------
      Disable any running xlockmore processes and issue this command:

         # upgradepkg xlock.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   http://www.slackware.com