|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] aaa_base not vulnerable
Date: Mon, 1 May 2000 15:35:03 -0700 (PDT) |
|
Slackware aaa_base Package Not Affected
---------------------------------------
On the 29th of April, SuSE posted an advisory stating that their aaa_base
package has a couple of security flaws related to (1) a cron job that can
be enabled to clean up old files in /tmp and /var/tmp and (2) the use of
/tmp as a home directory for several accounts (including "nobody"). The
advisory included this text:
Other Linux distributions or operating systems might be affected as
well, please contact your vendor for information about this issue.
Not to worry, the aaa_base.tgz package used by Slackware is not vulnerable
to these problems. Slackware has never included the vulnerable cron job
script (which was added by SuSE to their version of aaa_base), nor does it
use /tmp as a home directory for any account.
-- Slackware Linux Project
http://www.slackware.com
|
| |