Slackware: 2004-110-01 Minor Vulnerability in Utempter Symlink
slackware
April 19, 2004
New utempter packages are available for Slackware 9.1 and -current to fix a security issue
Summary
Here are the details from the Slackware 9.1 ChangeLog: Mon Apr 19 13:51:01 PDT 2004 patches/packages/utempter-1.1.1-i486-1.tgz: Upgraded to libutempter-1.1.1 (this is a new version written by Dmitry V. Levin of ALT Linux). This upgrade fixes a low-level security issue in utempter-0.5.2 where utempter could possibly be tricked into writing through a symlink, and is a cleaner implementation all-around. For more details, see: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0233 (* Security fix *) WHERE TO FIND THE NEW PACKAGE: Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/utempter-1.1.1-i486-1.tgz Updated package for Slackware -current: MD5 SIGNATURES: Slackware 9.1 package: 839cd39cb90f31253d5bc4c028c28fe1 utempter-1.1.1-i486-1.tgz Slackware -current package: 97ce776901ca9b20ffe916228a487729 utempter-1.1.1-i486-1.tgz INSTALLATION INSTRUCTIONS: Upgrade the package as root: # upgradepkg
Read the Full Advisory
Topics Covered
Where Find New Packages
MD5 Signatures
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!