slackware-current/slackbook/html/security-current.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Keeping Current</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
<link rel="UP" title="Security" href="security.html" />
<link rel="PREVIOUS" title="Host Access Control" href="security-host.html" />
<link rel="NEXT" title="Archive Files" href="archive-files.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">Slackware Linux Essentials</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="security-host.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 14 Security</td>
<td width="10%" align="right" valign="bottom"><a href="archive-files.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="SECURITY-CURRENT" name="SECURITY-CURRENT">14.3 Keeping
Current</a></h1>

<div class="SECT2">
<h2 class="SECT2"><a id="SECURITY-CURRENT-LIST" name="SECURITY-CURRENT-LIST">14.3.1 <var
class="LITERAL">slackware-security</var> mailing list</a></h2>

<p>Whenever a security problem affects Slackware, an email is sent to all subscribers to
the <var class="LITERAL">slackware-security@slackware.com</var> mailing list. Reports are
sent out for vulnerabilities of any part of Slackware, apart from the software in <tt
class="FILENAME">/extra</tt> or <tt class="FILENAME">/pasture</tt>. These security
announcement emails include details on obtaining updated versions of Slackware packages
or work-arounds, if any.</p>

<p>Subscribing to Slackware mailing lists is covered in <a
href="help-online.html#HELP-ONLINE-EMAIL">Section 2.2.2</a>.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="SECURITY-CURRENT-PATCHES" name="SECURITY-CURRENT-PATCHES">14.3.2
The <tt class="FILENAME">/patches</tt> directory</a></h2>

<p>Whenever updated packages are released for a version of Slackware (usually only to fix
a security problem, in the case of already released Slackware versions), they are placed
in the <tt class="FILENAME">/patches</tt> directory. The full path to these patches will
depend on the mirror you are using, but will take the form <tt
class="FILENAME">/path/to/slackware-x.x/patches/</tt>.</p>

<p>Before installing these packages, it is a good idea to verify the <tt
class="COMMAND">md5sum</tt> of the package. <tt class="COMMAND">md5sum</tt>(1) is a
commandline utility that creates a &#8220;unique&#8221; mathematical hash of the file. If
a single bit of the file has been changed, it will generate a different md5sum value.</p>

<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">%</samp> <kbd
class="USERINPUT">md5sum package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz</kbd>
6341417aa1c025448b53073a1f1d287d  package-&lt;ver&gt;-&lt;arch&gt;-&lt;rev&gt;.tgz
</pre>
</td>
</tr>
</table>

<p>You should then check this against the line for the new package in the <tt
class="FILENAME">CHECKSUMS.md5</tt> file in the root of the <tt
class="FILENAME">slackware-<var class="REPLACEABLE">$VERSION</var></tt> directory (also
in the <tt class="FILENAME">/patches</tt> directory for patches) or in the email to the
<var class="LITERAL">slackware-security</var> mailing list.</p>

<p>If you have a file with the md5sum values in it, you can source it instead with the
<var class="OPTION">-c</var> option to <tt class="COMMAND">md5sum</tt>.</p>

<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">md5sum -c CHECKSUMS.md5</kbd>
./ANNOUNCE.10_0: OK
./BOOTING.TXT: OK
./COPYING: OK
./COPYRIGHT.TXT: OK
./CRYPTO_NOTICE.TXT: OK
./ChangeLog.txt: OK
./FAQ.TXT: FAILED
</pre>
</td>
</tr>
</table>

<p>As you can see, any files that <tt class="COMMAND">md5sum</tt> evaluates as correct
are listed &#8220;<var class="LITERAL">OK</var>&#8221; while files that fail are labelled
&#8220;<var class="LITERAL">FAILED</var>&#8221;. (Yes, this was an insult to your
intelligence. Why do you put up with me?)</p>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="security-host.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="archive-files.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">Host Access Control</td>
<td width="34%" align="center" valign="top"><a href="security.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Archive Files</td>
</tr>
</table>
</div>
</body>
</html>