Errata for the 6.4 Version of the LFS Book

Miscellaneous Errata

• SECURITY UPDATE. Two vulnerabilities in udev-130 have recently come to light, labelled as CVE-2009-118{5,6}. The first applies to ALL previous versions of udev, and allows a local user to gain root privileges by passing unicast messages to udev. The second only applies to more-recent versions of udev, and is a potential denial of service from a buffer overflow. The patch for udev-130 is found at: http://www.linuxfromscratch.org/patches/downloads/udev/udev-130-security_fixes-1.patch

  Apply the patch after extracting the udev tarball with:

  patch -Np1 -i ../udev-130-security_fixes-1.patch

  and continue with the instructions in the book.

• In section 3.2, All Packages, the location of the Glibc snapshot is no longer available at the location specified in the book. The specified version can be found at ftp://ftp.lfs-matrix.net/pub/lfs/lfs-packages/development/glibc-2.8-20080929.tar.bz2.

  In section 3.2, All Packages, the location of MPFR is no longer available at the location specified in the book. The specified version can be found at http://www.mpfr.org/mpfr-2.3.2/mpfr-2.3.2.tar.bz2.

• In section 5.21, Gawk-3.1.6, the paragraph starting "Compilation is now complete." should be after the make command.

  In the same section the sentence that reads "The is necessary..." should read :This is necessary...".

• In section 6.20, M4-1.4.12, the --enable-threads switch should be removed. The tests in 'make check' are properly skipped.