Slackware: local /tmp vulnerability
Posted by LinuxSecurity.com Team   
Slackware A local /tmp bug in the /usr/sbin/ppp-off program was found.

A local /tmp bug in the /usr/sbin/ppp-off program was found.  This bug
could allow a local user to corrupt system files.  A fix has been made and
an updated package is now available in the -current branch.

The package described below will work for users of Slackware 7.0, 7.1, and
-current.


   ==================================
   ppp package updated - (n1/ppp.tgz)
   ==================================

      A local /tmp bug in the /usr/sbin/ppp-off program has been found and
      fixed.  The new ppp.tgz package is available from:

         
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/ppp.tgz

      For verification purposes, we provide the following checksums:

         16-bit "sum" checksum:
         60573   191   n1/ppp.tgz

         128-bit MD5 message digest:
         c879dd34413a5d9cf367640206492852  n1/ppp.tgz


      INSTALLATION INSTRUCTIONS FOR THE ppp.tgz PACKAGE:
      --------------------------------------------------
      Disable any running pppd processes:

         # killall pppd

      Then issue this command:

         # upgradepkg ppp.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   http://www.slackware.com