Slackware Security Updates: dhcpcd & util-linux, -current labelled as Slackware 10.2

There are updated packages available for the Slackware Linux distribution. The packages are dhcpcd and util-linux.

Details of the dhcpcd update:

New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and results in a denial of service. Of course, a malicious DHCP server could simply give you an IP address that wouldn’t work, too, such as, but since people have been asking about this issue, here’s a fix, and that’s the extent of the impact. In other words, very little real impact.

Even less detail about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

Details of the util-linux update:

New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the ‘-r’ option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges.

For more details, see David Watson’s post to BugTraq:

If you’re using Slackware-current, there are a few other packages have also been updated on these past few days. Running cat /etc/slackware-version shows that my installation is now running Slackware 10.2.0. I guess it’s a matter of days before Slackware 10.2 is officially released.

Also, users of rp-pppoe might suddenly find that they cannot run adsl-start, adsl-stop and other rp-pppoe commands. The reason for this is that the command name has changed. Use pppoe instead of adsl as the prefix to the commands. ie. adsl-start is now pppoe-start. Hope this helps somebody out there.

Updated packages can be downloaded from the Slackware Package Browser or using automated package management tools like Swaret or slapt-get.