Errata for the 6.1 Version of the LFS Book

Known Security Vulnerabilities

• Texinfo-4.8 (and previous versions) has a vulnerability wherein a user can create a symlink attack due to poor tempfile creation. It is recommended to apply the patch found here.

• Util-linux-2.12q (and previous versions) has a vulnerability wherein a user who has permission to unmount a volume can remount it without the nosuid option. It is recommended to apply the patch.

• Bzip2 (all versions) is subject to the filename vulnerability identified in zgrep (CAN-2005-0758). We advise applying the bzgrep security patch.

• Several security vulnerabilities exist in Perl-5.8.6 (CAN-2005-0448, CAN-2004-0452, CAN-2005-0155, CAN-2005-0156 and CAN-2004-0976).

  We advise upgrading to Perl-5.8.7 to fix the first three vulnerabilities. The fourth vulnerability is considered low-risk and mainly affect the scripts in the test suite. An unofficial patch exists for those who may want to apply it.

  Special thanks go to Ken Moffat for analysing the vulnerabilities, patches and upstream tarballs involved.

• A security vulnerability exists in Vim-6.3 which allows modelines to be constructed that execute arbitrary shell commands (CAN-2005-2368). Users are strongly recommended to recompile Vim-6.3 with the updated security patch.

• A security vulnerability exists in Zlib-1.2.2 whereby disrupted streams can cause a buffer overflow (CAN-2005-1849). Users are strongly recommended to upgrade to Zlib-1.2.3, which fixes the problem. Note that this is a different vulnerability to the one addressed by the security patch in LFS-6.1 (that fixes CAN-2005-2096).

Miscellaneous Errata

• The command `groups' is listed under Shadow's list of installed files, but it is installed by Coreutils. Thanks to Randy McMurchy for the report.

• The symlink `flex++' is listed under Flex's list of installed files, but it isn't actually installed in the more recent versions of Flex that LFS now uses. Thanks to Randy McMurchy for the report.

• Texinfo installs a shell script `texi2pdf', but this isn't mentioned in Texinfo's list of installed programs. Thanks to Randy McMurchy for the report.

• Glibc-2.3.4 contains a bug where it will segfault when attempting to load a shared library in an empty chroot environment. This bug is triggered by the OpenSSH-4.x daemon. Applying this patch to the Glibc source files will fix the bug. More discussion can be seen in this bug report.