The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[[email protected]: New Patches for Slackware 7.0 Available]


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 30 Nov 1999 19:24:35 -0800
From: bjr <[email protected]>
To: [email protected]
Subject: [[email protected]: New Patches for Slackware 7.0 Available]

--8MZM6zh5Bb05FW+3
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

----- Forwarded message from David Cantrell <[email protected]> -----

X-POP3-Rcpt: [email protected]
Date: Tue, 30 Nov 1999 12:12:26 -0800 (PST)
From: David Cantrell <[email protected]>
To: [email protected]
Subject: New Patches for Slackware 7.0 Available
Precedence: bulk
Reply-To: David Cantrell <[email protected]>

There are several bug fixes available for Slackware 7.0.  We will always
post bug fixes and security fixes to the /patches subdirectory on the ftp
site:

   ftp.cdrom.com:/pub/linux/slackware-7.0/patches

The ChangeLog.txt file in that directory will show what has been patched and
why.  Here is a short overview of the current patches available:

   bind.tgz       Upgraded to bind-8.2.2-P5.  This fixes a vulnerability
                  in the processing of NXT records that can be used in a
                  DoS attack or (theoretically) be exploited to gain access=
=20
                  to the server.  It is suggested that everyone running=20
                  bind upgrade to this package as soon as possible.

   nfs-server.tgz Upgraded to nfs-server-2.2beta47, to fix a security
                  problem with the version that shipped with Slackware 7.0
                  (nfs-server-2.2beta46).  By using a long pathname on a=20
                  directory NFS mounted read-write, it may be possible for=
=20
                  an attacker to execute arbitrary code on the server.  It=
=20
                  is recommended that everyone running an NFS server=20
                  upgrade to this package immediately.

   pine.tgz
   imapd.tgz      Pine that shipped with 7.0 looked for pine.conf in
                  /usr/local/lib instead of /usr/lib/pine, which is where
                  we put the file.  These packages fix that problem, as
                  well as upgrading to Pine 4.21, which fixes some minor
                  problems people were reporting with the IMAP server (some
                  messages would remain flagged as "N" even after you read
                  it).

   raidtool.tgz   The package that shipped with 7.0 was missing the
                  symlinks for /sbin/mdrun and /sbin/mdstop, install
                  this package to address that problem.

   sh_utils.tgz   Moved /usr/bin/sleep to /bin/sleep, symlinked to it in
                  /usr/bin.  This addresses a problem with metamail's
                  autocompose.

   sysvinit.tgz   Carry a 512 byte entropy pool between reboots in
                  /etc/random-seed.  This improves the security of anything
                  using /dev/urandom as an entropy source.  Also, try to
                  shut down RAID devices in /etc/rc.d/rc.6 if we see that
                  an /etc/mdtab exists on the system.

   write.tgz      Fixes the broken /usr/bin/write command.  The one that
                  shipped with 7.0 had trouble with the Unix98 PTYs.

   wuftpd.tgz     wu-ftpd-2.6.0 as shipped in the tcpip1.tgz package with
                  7.0 has a broken version of /usr/bin/ftpwho that produces
                  invalid output.  This package fixes ftpwho.

These packages are designed to be installed on top of an existing Slackware
7.0 installation.  In the case where a package already exists (such as
pine.tgz), it is adviseable to use upgradepkg.  For other fixes (such as the
write.tgz one), you can just use installpkg to install the fix.

NOTE:  For packages that replace daemons on the system (such as bind), you=
=20
need to make sure that you stop the daemon before installing the package. =
=20
Otherwise the file may not be updated properly because it is in use.  You=
=20
can either stop the daemon manually or go into single user mode and then=20
go back to multiuser mode.  Example:

        # telinit 1             Go into single user mode
        # upgradepkg bind       Perform the upgrade
        # telinit 3             Go back to multiuser mode

Remember to back up configuration files before performing upgrades.

- The Slackware Linux Project
  http://www.slackware.com

----- End forwarded message -----

--=20
$_=3D'5O1v3v5y9)1b7u2q4x1i0e3u2"3S9n5w7s6&7o7h8k1l6k3u';s/(.)(.)/pack('C',o=
rd($2)-$1)/eg;print;

--8MZM6zh5Bb05FW+3
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4RJTzuLwj47paW7sRAQaFAKDXC3vn7OFOKifuT3+mw/JR2k4H2gCgoOLk
cEAbtGUHR7wYqR9KjhJGG48=
=5Sdo
-----END PGP SIGNATURE-----

--8MZM6zh5Bb05FW+3--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру