Date: Tue, 24 Oct 2000 19:48:59 -0700 (PDT) To: slackware-security@slackware.com Subject: [slackware-security] Local /tmp vulnerability fixed in ppp-off A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug could allow a local user to corrupt system files. A fix has been made and an updated package is now available in the -current branch. The package described below will work for users of Slackware 7.0, 7.1, and -current. ================================== ppp package updated - (n1/ppp.tgz) ================================== A local /tmp bug in the /usr/sbin/ppp-off program has been found and fixed. The new ppp.tgz package is available from: ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/ppp .tgz For verification purposes, we provide the following checksums: 16-bit "sum" checksum: 60573 191 n1/ppp.tgz 128-bit MD5 message digest: c879dd34413a5d9cf367640206492852 n1/ppp.tgz INSTALLATION INSTRUCTIONS FOR THE ppp.tgz PACKAGE: -------------------------------------------------- Disable any running pppd processes: # killall pppd Then issue this command: # upgradepkg ppp.tgz Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team http://www.slackware.com +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+