Gentoo: 200302-02 Urgent: Slocate Buffer Overflow Exploit Alert
gentoo
February 3, 2003
The overflow appears when the slocate is run with two parameters: -c and -r, using as arguments a 1024 bytes string.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-02 - -------------------------------------------------------------------- DATE : 2003-02-02 13:36 UTC
- --------------------------------------------------------------------
From advisory:
"The overflow appears when the slocate is runned with two parameters: -c and -r, using as arguments a 1024 (or 10240, as Knight420 has informed us earlier) bytes string."
Read the full advisory at
SOLUTION
It is recommended that all Gentoo Linux users who are running sys-apps/slocate upgrade to slocate-2.7 as follows:
emerge sync emerge -u slocate emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - --------------------------------------------------------------------
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : slocate
SUMMARY : buffer overflow
EXPLOIT : local
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!