![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Tue, 24 Oct 2000 19:48:59 -0700 (PDT)
To: slackware-security@slackware.com
Subject: [slackware-security] Local /tmp vulnerability fixed in ppp-off
A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug
could allow a local user to corrupt system files. A fix has been made and
an updated package is now available in the -current branch.
The package described below will work for users of Slackware 7.0, 7.1, and
-current.
==================================
ppp package updated - (n1/ppp.tgz)
==================================
A local /tmp bug in the /usr/sbin/ppp-off program has been found and
fixed. The new ppp.tgz package is available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/ppp
.tgz
For verification purposes, we provide the following checksums:
16-bit "sum" checksum:
60573 191 n1/ppp.tgz
128-bit MD5 message digest:
c879dd34413a5d9cf367640206492852 n1/ppp.tgz
INSTALLATION INSTRUCTIONS FOR THE ppp.tgz PACKAGE:
--------------------------------------------------
Disable any running pppd processes:
# killall pppd
Then issue this command:
# upgradepkg ppp.tgz
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+