summaryrefslogtreecommitdiff
path: root/slackbook/html/security-current.html
blob: 12e207167252160d5d15dd78971e954616bff6b0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Keeping Current</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
<link rel="UP" title="Security" href="security.html" />
<link rel="PREVIOUS" title="Host Access Control" href="security-host.html" />
<link rel="NEXT" title="Archive Files" href="archive-files.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">Slackware Linux Essentials</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="security-host.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 14 Security</td>
<td width="10%" align="right" valign="bottom"><a href="archive-files.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="SECURITY-CURRENT" name="SECURITY-CURRENT">14.3 Keeping
Current</a></h1>

<div class="SECT2">
<h2 class="SECT2"><a id="SECURITY-CURRENT-LIST" name="SECURITY-CURRENT-LIST">14.3.1 <var
class="LITERAL">slackware-security</var> mailing list</a></h2>

<p>Whenever a security problem affects Slackware, an email is sent to all subscribers to
the <var class="LITERAL">slackware-security@slackware.com</var> mailing list. Reports are
sent out for vulnerabilities of any part of Slackware, apart from the software in <tt
class="FILENAME">/extra</tt> or <tt class="FILENAME">/pasture</tt>. These security
announcement emails include details on obtaining updated versions of Slackware packages
or work-arounds, if any.</p>

<p>Subscribing to Slackware mailing lists is covered in <a
href="help-online.html#HELP-ONLINE-EMAIL">Section 2.2.2</a>.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="SECURITY-CURRENT-PATCHES" name="SECURITY-CURRENT-PATCHES">14.3.2
The <tt class="FILENAME">/patches</tt> directory</a></h2>

<p>Whenever updated packages are released for a version of Slackware (usually only to fix
a security problem, in the case of already released Slackware versions), they are placed
in the <tt class="FILENAME">/patches</tt> directory. The full path to these patches will
depend on the mirror you are using, but will take the form <tt
class="FILENAME">/path/to/slackware-x.x/patches/</tt>.</p>

<p>Before installing these packages, it is a good idea to verify the <tt
class="COMMAND">md5sum</tt> of the package. <tt class="COMMAND">md5sum</tt>(1) is a
commandline utility that creates a &#8220;unique&#8221; mathematical hash of the file. If
a single bit of the file has been changed, it will generate a different md5sum value.</p>

<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd
class="USERINPUT">md5sum package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz</kbd>
6341417aa1c025448b53073a1f1d287d  package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz
</pre>
</td>
</tr>
</table>

<p>You should then check this against the line for the new package in the <tt
class="FILENAME">CHECKSUMS.md5</tt> file in the root of the <tt
class="FILENAME">slackware-<var class="REPLACEABLE">$VERSION</var></tt> directory (also
in the <tt class="FILENAME">/patches</tt> directory for patches) or in the email to the
<var class="LITERAL">slackware-security</var> mailing list.</p>

<p>If you have a file with the md5sum values in it, you can source it instead with the
<var class="OPTION">-c</var> option to <tt class="COMMAND">md5sum</tt>.</p>

<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">md5sum -c CHECKSUMS.md5</kbd>
./ANNOUNCE.10_0: OK
./BOOTING.TXT: OK
./COPYING: OK
./COPYRIGHT.TXT: OK
./CRYPTO_NOTICE.TXT: OK
./ChangeLog.txt: OK
./FAQ.TXT: FAILED
</pre>
</td>
</tr>
</table>

<p>As you can see, any files that <tt class="COMMAND">md5sum</tt> evaluates as correct
are listed &#8220;<var class="LITERAL">OK</var>&#8221; while files that fail are labelled
&#8220;<var class="LITERAL">FAILED</var>&#8221;. (Yes, this was an insult to your
intelligence. Why do you put up with me?)</p>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="security-host.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="archive-files.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">Host Access Control</td>
<td width="34%" align="center" valign="top"><a href="security.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Archive Files</td>
</tr>
</table>
</div>
</body>
</html>