
Date: Mon, 1 May 2000 15:35:03 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] aaa_base not vulnerable


Slackware aaa_base Package Not Affected
---------------------------------------

On the 29th of April, SuSE posted an advisory stating that their aaa_base
package has a couple of security flaws related to (1) a cron job that can
be enabled to clean up old files in /tmp and /var/tmp and (2) the use of
/tmp as a home directory for several accounts (including "nobody").  The
advisory included this text:

    Other Linux distributions or operating systems might be affected as
    well, please contact your vendor for information about this issue.

Not to worry, the aaa_base.tgz package used by Slackware is not vulnerable
to these problems.  Slackware has never included the vulnerable cron job
script (which was added by SuSE to their version of aaa_base), nor does it
use /tmp as a home directory for any account.


     -- Slackware Linux Project
        http://www.slackware.com
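
One way to check the second point on any system, as an added example that is not part of the Slackware advisory: the script below lists accounts in a passwd-format file whose home directory is /tmp or lies beneath it. Covering /var/tmp as well is an assumption that goes beyond the advisory text, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose home directory is a shared temp directory.

# Constructed sample input, not taken from any real system.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/tmp:/bin/false
games:x:12:100:games:/var/tmp/:/bin/false
ftp:x:14:50::/home/ftp:
# comment line
wwwrun:x:30:65534:daemon:/tmp/www:/bin/false
tmpuser:x:1000:100::/home/tmpuser:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:
EOF
}

# find_tmp_homes FILE
# Print "account:home" for every entry whose home is /tmp, /var/tmp,
# or a path beneath either. FILE defaults to /etc/passwd; "-" reads stdin.
find_tmp_homes() {
    awk -F: '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        {
            home = $6
            sub(/\/+$/, "", home)      # ignore trailing slashes
            if (home ~ /^\/(var\/)?tmp(\/|$)/)
                print $1 ":" $6        # report the home exactly as written
        }
    ' "${1:-/etc/passwd}"
}

# Demo on the constructed sample.
sample_passwd | find_tmp_homes -
```

Running `find_tmp_homes` with no argument audits the local /etc/passwd; no output means no account uses a shared temp directory as its home.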