diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2011-04-25 13:37:00 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 22:45:18 +0200 |
commit | 75a4a592e5ccda30715f93563d741b83e0dcf39e (patch) | |
tree | 502f745607e77a2c4386ad38d818ddcafe81489c /slackbook/html/security-current.html | |
parent | b76270bf9e6dd375e495fec92140a79a79415d27 (diff) | |
download | current-75a4a592e5ccda30715f93563d741b83e0dcf39e.tar.gz current-75a4a592e5ccda30715f93563d741b83e0dcf39e.tar.xz |
Slackware 13.37slackware-13.37
Mon Apr 25 13:37:00 UTC 2011
Slackware 13.37 x86_64 stable is released!
Thanks to everyone who pitched in on this release: the Slackware team,
the folks producing upstream code, and linuxquestions.org for providing
a great forum for collaboration and testing.
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
As always, thanks to the Slackware community for testing, suggestions,
and feedback. :-)
Have fun!
Diffstat (limited to 'slackbook/html/security-current.html')
-rw-r--r-- | slackbook/html/security-current.html | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/slackbook/html/security-current.html b/slackbook/html/security-current.html new file mode 100644 index 000000000..12e207167 --- /dev/null +++ b/slackbook/html/security-current.html @@ -0,0 +1,138 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta name="generator" content="HTML Tidy, see www.w3.org" /> +<title>Keeping Current</title> +<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> +<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> +<link rel="UP" title="Security" href="security.html" /> +<link rel="PREVIOUS" title="Host Access Control" href="security-host.html" /> +<link rel="NEXT" title="Archive Files" href="archive-files.html" /> +<link rel="STYLESHEET" type="text/css" href="docbook.css" /> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> +</head> +<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" +alink="#0000FF"> +<div class="NAVHEADER"> +<table summary="Header navigation table" width="100%" border="0" cellpadding="0" +cellspacing="0"> +<tr> +<th colspan="3" align="center">Slackware Linux Essentials</th> +</tr> + +<tr> +<td width="10%" align="left" valign="bottom"><a href="security-host.html" +accesskey="P">Prev</a></td> +<td width="80%" align="center" valign="bottom">Chapter 14 Security</td> +<td width="10%" align="right" valign="bottom"><a href="archive-files.html" +accesskey="N">Next</a></td> +</tr> +</table> + +<hr align="LEFT" width="100%" /> +</div> + +<div class="SECT1"> +<h1 class="SECT1"><a id="SECURITY-CURRENT" name="SECURITY-CURRENT">14.3 Keeping +Current</a></h1> + +<div class="SECT2"> +<h2 class="SECT2"><a id="SECURITY-CURRENT-LIST" name="SECURITY-CURRENT-LIST">14.3.1 <var +class="LITERAL">slackware-security</var> mailing list</a></h2> + +<p>Whenever a security problem affects Slackware, an email is sent to all subscribers to +the <var class="LITERAL">slackware-security@slackware.com</var> mailing list. Reports are +sent out for vulnerabilities of any part of Slackware, apart from the software in <tt +class="FILENAME">/extra</tt> or <tt class="FILENAME">/pasture</tt>. These security +announcement emails include details on obtaining updated versions of Slackware packages +or work-arounds, if any.</p> + +<p>Subscribing to Slackware mailing lists is covered in <a +href="help-online.html#HELP-ONLINE-EMAIL">Section 2.2.2</a>.</p> +</div> + +<div class="SECT2"> +<h2 class="SECT2"><a id="SECURITY-CURRENT-PATCHES" name="SECURITY-CURRENT-PATCHES">14.3.2 +The <tt class="FILENAME">/patches</tt> directory</a></h2> + +<p>Whenever updated packages are released for a version of Slackware (usually only to fix +a security problem, in the case of already released Slackware versions), they are placed +in the <tt class="FILENAME">/patches</tt> directory. The full path to these patches will +depend on the mirror you are using, but will take the form <tt +class="FILENAME">/path/to/slackware-x.x/patches/</tt>.</p> + +<p>Before installing these packages, it is a good idea to verify the <tt +class="COMMAND">md5sum</tt> of the package. <tt class="COMMAND">md5sum</tt>(1) is a +commandline utility that creates a “unique” mathematical hash of the file. If +a single bit of the file has been changed, it will generate a different md5sum value.</p> + +<table border="0" bgcolor="#E0E0E0" width="100%"> +<tr> +<td> +<pre class="SCREEN"> +<samp class="PROMPT">%</samp> <kbd +class="USERINPUT">md5sum package-<ver>-<arch>-<rev>.tgz</kbd> +6341417aa1c025448b53073a1f1d287d package-<ver>-<arch>-<rev>.tgz +</pre> +</td> +</tr> +</table> + +<p>You should then check this against the line for the new package in the <tt +class="FILENAME">CHECKSUMS.md5</tt> file in the root of the <tt +class="FILENAME">slackware-<var class="REPLACEABLE">$VERSION</var></tt> directory (also +in the <tt class="FILENAME">/patches</tt> directory for patches) or in the email to the +<var class="LITERAL">slackware-security</var> mailing list.</p> + +<p>If you have a file with the md5sum values in it, you can source it instead with the +<var class="OPTION">-c</var> option to <tt class="COMMAND">md5sum</tt>.</p> + +<table border="0" bgcolor="#E0E0E0" width="100%"> +<tr> +<td> +<pre class="SCREEN"> +<samp class="PROMPT">#</samp> <kbd class="USERINPUT">md5sum -c CHECKSUMS.md5</kbd> +./ANNOUNCE.10_0: OK +./BOOTING.TXT: OK +./COPYING: OK +./COPYRIGHT.TXT: OK +./CRYPTO_NOTICE.TXT: OK +./ChangeLog.txt: OK +./FAQ.TXT: FAILED +</pre> +</td> +</tr> +</table> + +<p>As you can see, any files that <tt class="COMMAND">md5sum</tt> evaluates as correct +are listed “<var class="LITERAL">OK</var>” while files that fail are labelled +“<var class="LITERAL">FAILED</var>”. (Yes, this was an insult to your +intelligence. Why do you put up with me?)</p> +</div> +</div> + +<div class="NAVFOOTER"> +<hr align="LEFT" width="100%" /> +<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" +cellspacing="0"> +<tr> +<td width="33%" align="left" valign="top"><a href="security-host.html" +accesskey="P">Prev</a></td> +<td width="34%" align="center" valign="top"><a href="index.html" +accesskey="H">Home</a></td> +<td width="33%" align="right" valign="top"><a href="archive-files.html" +accesskey="N">Next</a></td> +</tr> + +<tr> +<td width="33%" align="left" valign="top">Host Access Control</td> +<td width="34%" align="center" valign="top"><a href="security.html" +accesskey="U">Up</a></td> +<td width="33%" align="right" valign="top">Archive Files</td> +</tr> +</table> +</div> +</body> +</html> + |