ot RED(7-09-2000)
Novinata e predostavena ot Valeri Dachchev -
valery@linux.home.bg
Naskoro v BugTraq biaha dokladvani tri uiazvimosti otnasiashti se
do locales v glibc 2.1.3. Tezi uiazvimosti mogat da pozvoliat
na lokalen potrebitel da pridobie root dostup.
Na potrebitelite na Slackware 7.0, 7.1, i -current silno se
preporuchva
speshno da obnoviat do novite glibc paketi v -current
durvoto.
===============================================================
glibc 2.1.3 DOSTUPEN - (a1/glibcso.tgz, d1/glibc.tgz,
des1/descrypt.tgz)
===============================================================
Trite uiazvimosti otnasiashti se do locales s glibc-2.1.3 biaha
zakurpeni
izpolzvaiki CVS krupkite predostaveni ot Solar Designer.
INFORMATSIQ ZA PAKETITE:
-----------------------
a1/glibcso.tgz: Tozi paket sudurzha runtime
bibliotekite za glibs 2.1.3. Vsichki
potrebiteli na Slackware 7.0, a sushto i -current,
triabva da obnoviat tozi paket.
d1/glibc.tgz: Tova e pulniiat glibc 2.1.3
paket, zaedno s header-i i statichni
biblioteki. Ako ste instalirali tozi paket, triabva da
go obnovite.
des1/descrypt.tgz: Sudurzha DES-enabled
libcrypt.so biblioteka. Ako imate tozi paket,
shte vi se nalozhi da go obnovite. VAZHNO: Napravete
taka, che tozi paket da bude obnoven *SLED*
glibcso.tgz i glibc.tgz.
KUDE DA NAMERITE NOVITE PAKETI:
-------------------------------
Vsichki novi paketi mogat da budat namereni v -current
durvoto:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/glibcso.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/glibc.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/des1/descrypt.tgz
MD5 PODPISI I CHECK-SUMI:
-------------------------
Tova sa MD5 sumite i Check sumite za paketite:
1119944158 781102 a1/glibcso.tgz
4150671113 22146158 d1/glibc.tgz
95989487 95843 des1/descrypt.tgz
0fa3614e6cdee92687c78d84e2587b81
a1/glibcso.tgz
7fafee175cf7acee5d90fd416e92d44b
d1/glibc.tgz
3493af0bae0aeea840a464bc53d3b63f
des1/descrypt.tgz
INSTRUKTSII ZA INSTALATSIQ:
-------------------------
Trite paket po-gore triabva da budat obnoveni v single user
rezhim (runlevel
1). Privedete sistemata v runlevel 1:
# telinit 1
Togava obnovete paketite:
# upgradepkg <package name>.tgz
Posle privedete sistemata obratno v multiuser rezhim:
# telinit 3
Zapomnete, dobra praktika e da zapazite nastroivashtite se
failove predi da obnovite paketite.
- Slackware Linux Security Team
http://www.slackware.com
<< KDE shte stane chast ot Debian GNU/Linux | Mandrake 7.2 Beta - Ulysses >>
|