Linux Today: Linux News On Internet Time.

More on LinuxToday

New Patches for Slackware 7.0 Available

Dec 01, 1999, 21:53 (0 Talkback[s])
(Other stories by David Cantrell)

Date: Tue, 30 Nov 1999 12:12:26 -0800 (PST)
From: David Cantrell <<a href="mailto:david@slackware.com">david@slackware.com>
To: slackware-announce@slackware.com
Subject: New Patches for Slackware 7.0 Available

There are several bug fixes available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:


The ChangeLog.txt file in that directory will show what has been patched and why. Here is a short overview of the current patches available:

Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the processing of NXT records that can be used in a DoS attack or (theoretically) be exploited to gain access to the server. It is suggested that everyone running bind upgrade to this package as soon as possible.

Upgraded to nfs-server-2.2beta47, to fix a security problem with the version that shipped with Slackware 7.0 (nfs-server-2.2beta46). By using a long pathname on a directory NFS mounted read-write, it may be possible for an attacker to execute arbitrary code on the server. It is recommended that everyone running an NFS server upgrade to this package immediately.

Pine that shipped with 7.0 looked for pine.conf in /usr/local/lib instead of /usr/lib/pine, which is where we put the file. These packages fix that problem, as well as upgrading to Pine 4.21, which fixes some minor problems people were reporting with the IMAP server (some messages would remain flagged as "N" even after you read it).

The package that shipped with 7.0 was missing the symlinks for /sbin/mdrun and /sbin/mdstop, install this package to address that problem.

Moved /usr/bin/sleep to /bin/sleep, symlinked to it in /usr/bin. This addresses a problem with metamail's autocompose.

Carry a 512 byte entropy pool between reboots in /etc/random-seed. This improves the security of anything using /dev/urandom as an entropy source. Also, try to shut down RAID devices in /etc/rc.d/rc.6 if we see that an /etc/mdtab exists on the system.

Fixes the broken /usr/bin/write command. The one that shipped with 7.0 had trouble with the Unix98 PTYs.

wu-ftpd-2.6.0 as shipped in the tcpip1.tgz package with 7.0 has a broken version of /usr/bin/ftpwho that produces invalid output. This package fixes ftpwho.

These packages are designed to be installed on top of an existing Slackware 7.0 installation. In the case where a package already exists (such as pine.tgz), it is adviseable to use upgradepkg. For other fixes (such as the write.tgz one), you can just use installpkg to install the fix.

NOTE: For packages that replace daemons on the system (such as bind), you need to make sure that you stop the daemon before installing the package. Otherwise the file may not be updated properly because it is in use. You can either stop the daemon manually or go into single user mode and then go back to multiuser mode. Example:

# telinit 1 Go into single user mode
# upgradepkg bind Perform the upgrade
# telinit 3 Go back to multiuser mode

Remember to back up configuration files before performing upgrades.

- The Slackware Linux Project