Date: Mon, 1 May 2000 15:35:03 -0700 (PDT) From: Slackware Security Team <security@slackware.com> To: slackware-security@slackware.com Subject: [slackware-security] aaa_base not vulnerable Slackware aaa_base Package Not Affected --------------------------------------- On the 29th of April, SuSE posted an advisory stating that their aaa_base package has a couple of security flaws related to (1) a cron job that can be enabled to clean up old files in /tmp and /var/tmp and (2) the use of /tmp as a home directory for several accounts (including "nobody"). The advisory included this text: Other Linux distributions or operating systems might be affected as well, please contact your vendor for information about this issue. Not to worry, the aaa_base.tgz package used by Slackware is not vulnerable to these problems. Slackware has never included the vulnerable cron job script (which was added by SuSE to their version of aaa_base), nor does it use /tmp as a home directory for any account. -- Slackware Linux Project http://www.slackware.com