---

Home Security

New Patches for Slackware 4.0 Available

By

Date: Tue, 30 Nov 1999 12:11:56 -0800 (PST)
From: David Cantrell david@slackware.com
To: slackware-announce@slackware.com
Subject: New Patches for Slackware 4.0 Available

There are several bug fixes available for Slackware 4.0. Though
they have not been tested on all previous releases of Slackware,
they should work for any libc5 Slackware system (4.0 and previous).
The patches for Slackware 4.0 can be found in the /patches
subdirectory on the ftp site:

ftp.cdrom.com:/pub/linux/slackware-4.0/patches

The ChangeLog.txt file in that directory will show what has been
patched and why. Here is a short overview of the current patches
available:

bind.tgz
Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the
processing of NXT records that can be used in a DoS attack or
(theoretically) be exploited to gain access to the server. It is
suggested that everyone running bind upgrade to this package as
soon as possible.

nfs-server.tgz
Upgraded to nfs-server-2.2beta47, to fix a security problem with
the versions prior to 2.2beta47. By using a long pathname on a
directory NFS mounted read-write, it may be possible for an
attacker to execute arbitrary code on the server. It is recommended
that everyone running an NFS server upgrade to this package
immediately.

pine.tgz
Upgrades Pine to version 4.21. Versions prior to 4.0 have a Y2K bug
where the date sorting will not work properly when the new century
begins.

imapd.tgz
Upgrades imapd to the version from Pine 4.21

sysklogd.tgz
It’s possible to hang a machine and cause a denial of service by
opening many connections to the syslogd shipped with Slackware 4.0
and earlier. This package upgrades to sysklogd-1.3-33, which fixes
the problem.

wuftpd.tgz
Relinked against -lshadow, enabling MD5 shadow password
support.

These packages are designed to be installed on top of an
existing Slackware 4.0 system. In the case where a package already
exists (such as the pine.tgz one), you should use upgradepkg (if
available) to install the patch. For other fixes, you can just use
installpkg to install the patch.

NOTE: For packages that replace daemons on the system (such as
bind), you need to make sure that you stop the daemon before
installing the package. Otherwise the file may not be updated
properly because it is in use. You can either stop the daemon
manually or go into single user mode and then go back to multiuser
mode. Example:

# telinit 1 Go into single user mode
# upgradepkg bind Perform the upgrade
# telinit 3 Go back to multiuser mode

Remember to back up configuration files before performing
upgrades.

– The Slackware Linux Project
http://www.slackware.com

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.