[Prev][Next][Index][Thread]

Slackware bashing (fwd)




Slack/RedHat fights are going on on other lists... this time about
security patches updates. WU-ftp has a huge security hole, if you guys
don't know, and it appears Slackware HAS beat Redhat to it this time,
though :-)



---------- Forwarded message ----------
Date: Wed, 8 Jan 1997 17:42:44 -0500 (EST)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: linuxisp@friendly.jeffnet.org
Subject: Slackware bashing
Resent-Date: Wed, 8 Jan 1997 14:48:55 -0800
Resent-From: linuxisp@friendly.jeffnet.org

Looks like some of us have not used a recent slackware for so long we
don't know what we're talking about.  I was just looking into my FTP
server (wondering where the disk space is going) and noticed that my
Slackware mirror brought in some new files a few nights ago...one of them
was this:

-----
Reports on the Bugtraq last have indicated that wu-ftpd contains a
security hole which can allow ftp users (including anonymous users) to
access files as root.  The wu-ftpd.tgz package contains a replacement for
the /usr/sbin/wu.ftpd binary patched to fix the hole.  To install it, use
the 'installpkg' utility as root: 

    installpkg wu-ftpd.tgz

You may wish to switch to runlevel 1 (telinit 1) before using installpkg
to ensure that no one is using your existing wu.ftpd.

-----------------------------------------------
MD5 sums:
484ea205d7b05d69bdd0be5af2013119  wu-ftpd-2.4-slacksrc.tar.gz
ea343c5ac8cded713cf541de068a30de  wu-ftpd.tgz
-----


------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______