Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Fedora Core 1 Testing Update: slocate-2.7-4
Posted by Philipp Esselbach on: 01/23/2004 06:21 PM [ Print | 0 comment(s) ]
Fedora Test Update Notification
FEDORA-2004-059
2004-01-21
---------------------------------------------------------------------
Name : slocate
Version : 2.7
Release : 4
Summary : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system.
FEDORA-2004-059
2004-01-21
---------------------------------------------------------------------
Name : slocate
Version : 2.7
Release : 4
Summary : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system.
---------------------------------------------------------------------
Update Information:
Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0848 to this issue.
Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database.
---------------------------------------------------------------------
* Wed Jan 21 2004 Mark Cox (mjc redhat com)
- drop privs for non slocate gid databases (CAN-2003-0848)
- update to 2.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/
48a9f6409ede89470dbeb9c9be3bbb42 SRPMS/slocate-2.7-4.src.rpm
5cecdaa91d6f26d0285592620d13ac9d i386/slocate-2.7-4.i386.rpm
b4e7fab0377000fabdd136dbe99a8cea i386/debug/slocate-debuginfo-2.7-4.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. You may need to edit your up2date channels configuration. Within /etc/sysconfig/rhn/sources enable the following line:
yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1
Update Information:
Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0848 to this issue.
Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database.
---------------------------------------------------------------------
* Wed Jan 21 2004 Mark Cox (mjc redhat com)
- drop privs for non slocate gid databases (CAN-2003-0848)
- update to 2.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/
48a9f6409ede89470dbeb9c9be3bbb42 SRPMS/slocate-2.7-4.src.rpm
5cecdaa91d6f26d0285592620d13ac9d i386/slocate-2.7-4.i386.rpm
b4e7fab0377000fabdd136dbe99a8cea i386/debug/slocate-debuginfo-2.7-4.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. You may need to edit your up2date channels configuration. Within /etc/sysconfig/rhn/sources enable the following line:
yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1
Related Threads
09/29/2007 09:59 AM: Dual booting Fedora Core 5 with Windows XP Pro? (5) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff