Fwd: Security Patches for Slackware 7.0 Available
Kwsths
math1890 at edu.uch.gr
Mon Dec 6 19:03:20 EET 1999
isws na endiaferei merikous..
>Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST)
>From: David Cantrell <david at slackware.com>
>To: slackware-security at slackware.com
>Subject: Security Patches for Slackware 7.0 Available
>Sender: owner-slackware-security at slackware.com
>Reply-To: David Cantrell <david at slackware.com>
>
>There are several security updates available for Slackware 7.0. We will
>always post bug fixes and security fixes to the /patches subdirectory on
>the ftp site:
>
> ftp.cdrom.com:/pub/linux/slackware-7.0/patches
>
>The ChangeLog.txt file in that directory will show what has been patched and
>why. Here is a short overview of the current patches available:
>
>
>
> =======================
> BIND-8.2.2-P5 available
> =======================
>
> CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND:
>
> http://www.cert.org/advisories/CA-99-14-bind.html
>
> Six vulnerabilities have been found in BIND, the popular domain name
> server from the Internet Software Consortium (ISC). One of these
> vulnerabilities may allow remote intruders to gain priviledged access
> to name servers.
>
> It is recommended that all systems running the BIND package that
> shipped with Slackware 7.0 upgrade to this one. Here is the ChangeLog
> description:
>
> bind.tgz Upgraded to bind-8.2.2-P5. This fixes a vulnerability
> in the processing of NXT records that can be used in a
> DoS attack or (theoretically) be exploited to gain access
> to the server. It is suggested that everyone running
> bind upgrade to this package as soon as possible.
>
>
>
> ==============================
> nfs-server-2.2beta47 available
> ==============================
>
> It is recommended that all Slackware 7.0 systems using NFS upgrade to
> nfs-server 2.2beta47 to patch a possible exploit. Here is the
> ChangeLog description:
>
> nfs-server.tgz Upgraded to nfs-server-2.2beta47, to fix a security
> problem with the version that shipped with Slackware 7.0
> (nfs-server-2.2beta46). By using a long pathname on a
> directory NFS mounted read-write, it may be possible for
> an attacker to execute arbitrary code on the server. It
> is recommended that everyone running an NFS server
> upgrade to this package immediately.
>
>
>
>These packages are designed to be installed on top of an existing Slackware
>7.0 installation. In the case where a package already exists (such as
>bind.tgz), it is adviseable to use upgradepkg. For other fixes (such as the
>nfs-server.tgz one), you can just use installpkg to install the fix.
>
>NOTE: For packages that replace daemons on the system (such as bind), you
>need to make sure that you stop the daemon before installing the package.
>Otherwise the file may not be updated properly because it is in use. You
>can either stop the daemon manually or go into single user mode and then
>go back to multiuser mode. Example:
>
> # telinit 1 Go into single user mode
> # upgradepkg bind Perform the upgrade
> # telinit 3 Go back to multiuser mode
>
>Remember to back up configuration files before performing upgrades.
>
>- The Slackware Linux Project
> http://www.slackware.com
--
====================================================================
Gia boithia (h na diagrafhte) e-mail sto majordomo at hellug.gr
Ta archives tis listas einai sto http://lists.hellug.gr/lgu.html
prin steilete kapoia erothsh psakte mipos exei hdh apanththei.
Gia opoiodipote problima stilte e-mail ston owner-linux-greek-users at hellug.gr
====================================================================
More information about the Linux-greek-users
mailing list