---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-059
2004-01-26
---------------------------------------------------------------------

Name        : slocate
Version     : 2.7                      
Release     : 4                  
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files which match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

---------------------------------------------------------------------
Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up to and
including 2.7 where a carefully crafted database could overflow a
heap-based buffer. A local user could exploit this vulnerability to gain
"slocate" group privileges and then read the entire slocate database. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0848 to this issue.
 
Users of Slocate should upgrade to these packages which contain a
patch from Kevin Lindsay which causes slocate to drop privileges before
reading a user-supplied database.
---------------------------------------------------------------------
* Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

- drop privs for non slocate gid databases (CAN-2003-0848)
- update to 2.7


---------------------------------------------------------------------
This update can be downloaded from:
    

01bf7fd37e5eeb0f4ec4bdc09a4f236e  SRPMS/slocate-2.7-4.src.rpm
ecec8659907bbbe65297b634d930b9ae  i386/slocate-2.7-4.i386.rpm
33661442e2657b361a64acac29e0cea8  i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: slocate Heap overflow vulnerability

January 26, 2004
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.

Summary

Slocate is a security-enhanced version of locate. Just like locate,

slocate searches through a central database (which is updated nightly)

for files which match a given pattern. Slocate allows you to quickly

find files anywhere on your system.

Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0848 to this issue.

Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database. * Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

- drop privs for non slocate gid databases (CAN-2003-0848) - update to 2.7


This update can be downloaded from:


01bf7fd37e5eeb0f4ec4bdc09a4f236e SRPMS/slocate-2.7-4.src.rpm ecec8659907bbbe65297b634d930b9ae i386/slocate-2.7-4.i386.rpm 33661442e2657b361a64acac29e0cea8 i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


-- fedora-announce-list mailing list fedora-announce-list@redhat.com fedora-announce-list Info Page

Change Log

References

Fedora Update Notification FEDORA-2004-059 2004-01-26 Name : slocate Version : 2.7 Release : 4 Summary : Finds files on a system via a central database. Description : Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system.

Update Instructions

Severity
Name : slocate
Version : 2.7
Release : 4
Summary : Finds files on a system via a central database.

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved