Slackware: 'cvs' Multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Slackware Patched to link to the shared zlib on the system instead of statically linking to the included zlib source. Also, use mktemp to create files in /tmp files more safely.


Date: Mon, 11 Mar 2002 18:31:37 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] cvs recompiled against updated zlib + /tmp fix


New cvs packages are available to fix security problems.

Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Mon Mar 11 17:54:12 PST 2002
patches/packages/cvs.tgz:  Patched to link to the shared zlib on the system
  instead of statically linking to the included zlib source.  Also, use mktemp
  to create files in /tmp files more safely.
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated cvs package for Slackware 7.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/cvs.tgz

Updated cvs package for Slackware 8.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/cvs.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 7.1:
03dab4f6898e34033e379d7ef706c21f  cvs.tgz

Slackware 8.0:
6758d0f323e9ebbd9aa1272c6c9dc482  cvs.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new cvs.tgz package:
# upgradepkg cvs.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   http://www.slackware.com