---

slackware-security wu-ftpd upgrade available

As reported to [email protected]:

ATTENTION: All users of Slackware 4.0 and Slackware-current

REGARDING: CERT Advisory CA-99-13 Multiple Vulnerabilities in
WU-FTPD

The recent CERT advisory reporting multiple vulnerabilities
in WU-FTPD affects Slackware-current and Slackware-4.0.
Here
is the advisory that CERT released:

http://www.cert.org/advisories/CA-99-13-wuftpd.html

An upgraded tcpip1.tgz package is available for both Slackware
4.0 and Slackware-current in their respective directories on
ftp.cdrom.com:

For Slackware-current:

ftp://ftp.cdrom.com/pub/linux/slackware-current/slakware/n6/tcpip1.tgz

For Slackware-4.0:

ftp://ftp.cdrom.com/pub/linux/slackware-4.0/slakware/n8/tcpip1.tgz

Users can download this package and run “upgradepkg” to perform
the upgrade. See the ChangeLogs for each release for more
information.

David Cantrell | [email protected]


CA-99-13: minimal fix for Slackware 3.5 through 4.0

Regarding the recent CERT advisory about WU-FTPD:

An alternative minimal fix is available for Slackware versions
3.5, 3.6, 3.9, and 4.0. Users can download this and run
“installpkg” on it to upgrade the FTP server.

You can obtain the package from:

ftp://ftp.cdrom.com/pub/linux/slackware-4.0/patches/wuftpd.tgz

David Cantrell | [email protected]