Tuesday, April 21, 2009

Security Update: udev

Another security update has been released on -Current branch along with several other fixes in a/ directory. Here are the latest -Current changelog:
Mon Apr 20 23:38:45 CDT 2009
a/etc-12.34567890-noarch-3.tgz: Added the uucp user to the dialout group.

a/mkinitrd-1.3.3-i486-3.tgz: Fixed broken directory in initrd-tree.tar.gz.
Thanks to Malcolm Rowe for the bug report.

a/pkgtools-12.34567890-noarch-3.tgz: Fixed upgradepkg oldpackage%newpackage.
Fixed the installpkg test for the external compression utility.
Thanks to Robby Workman.

a/pcmciautils-015-i486-2.tgz: Added symlinks to /sbin/* in /lib/udev (needed by the udev rules file). Fixed installation of udev rules file.
Thanks to Robby Workman.

Upgraded to udev-141.
Changed serial devices from group 'uucp' to group 'dialout'.
This upgrade fixes a local root hole and a denial of service issue.
For more information, see:
(* Security fix *)

l/pilot-link-0.12.3-i486-7.tgz: The dialout devices now use group 'dialout' rather than group 'uucp', and the udev rules have been changed to use MODE="660" instead of MODE="664". Thanks to Robby Workman.