Slackware Security Advisories
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Local /tmp vulnerability fixed in ppp-off
Date: Tue, 24 Oct 2000 19:48:59 -0700 (PDT)
A local /tmp bug in the /usr/sbin/ppp-off program was found.  This bug
could allow a local user to corrupt system files.  A fix has been made and
an updated package is now available in the -current branch.

The package described below will work for users of Slackware 7.0, 7.1, and
-current.


   ==================================
   ppp package updated - (n1/ppp.tgz)
   ==================================

      A local /tmp bug in the /usr/sbin/ppp-off program has been found and
      fixed.  The new ppp.tgz package is available from:

         ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/ppp.tgz

      For verification purposes, we provide the following checksums:

         16-bit "sum" checksum:
         60573   191   n1/ppp.tgz

         128-bit MD5 message digest:
         c879dd34413a5d9cf367640206492852  n1/ppp.tgz


      INSTALLATION INSTRUCTIONS FOR THE ppp.tgz PACKAGE:
      --------------------------------------------------
      Disable any running pppd processes:

         # killall pppd

      Then issue this command:

         # upgradepkg ppp.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+


Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.