| |||||||||||||
Red Hat alert RHSA-2005:346-01 (slocate)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: slocate security update Advisory ID: RHSA-2005:346-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-346.html Issue date: 2005-10-05 Updated on: 2005-10-05 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2499 - --------------------------------------------------------------------- 1. Summary: An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb's file system scan to fail silently, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue. Additionally this update addresses the following issues: - - File system type exclusions were processed only when starting updatedb and did not reflect file systems mounted while updatedb was running (for example, automounted file systems.) - - File system type exclusions were ignored for file systems that were mounted to a path containing a symbolic link. - - Databases created by slocate were owned by the slocate group even if they were created by regular users. - - The default configuration excluded /mnt/floppy, but not /media. - - The default configuration did not exclude nfs4 file systems. Users of slocate are advised to upgrade to this updated package, which contains backported patches and is not affected by these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 139950 - slocate collects .automount files over nfs 152253 - Incorrect path in /etc/updatedb.conf 156091 - updatedb indexes nfs4 filesystems 165430 - CAN-2005-2499 slocate DOS 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sloca... c7c0214f195ee403dac138a588bc3e8e slocate-2.7-13.el4.6.src.rpm i386: 631c577185c94d9eb435ad0a792b04a4 slocate-2.7-13.el4.6.i386.rpm ia64: 637f060239a27fc84e57f0c0877840be slocate-2.7-13.el4.6.ia64.rpm ppc: 790b0129014db4f62fb735cc6da16773 slocate-2.7-13.el4.6.ppc.rpm s390: d990745ab56de4211e3912c915d8f8ef slocate-2.7-13.el4.6.s390.rpm s390x: 441e2ccafcd7f1aed2a17b26d310eaf4 slocate-2.7-13.el4.6.s390x.rpm x86_64: 76d6a19aafbca5f63e04fd28bceea094 slocate-2.7-13.el4.6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/... c7c0214f195ee403dac138a588bc3e8e slocate-2.7-13.el4.6.src.rpm i386: 631c577185c94d9eb435ad0a792b04a4 slocate-2.7-13.el4.6.i386.rpm x86_64: 76d6a19aafbca5f63e04fd28bceea094 slocate-2.7-13.el4.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sloca... c7c0214f195ee403dac138a588bc3e8e slocate-2.7-13.el4.6.src.rpm i386: 631c577185c94d9eb435ad0a792b04a4 slocate-2.7-13.el4.6.i386.rpm ia64: 637f060239a27fc84e57f0c0877840be slocate-2.7-13.el4.6.ia64.rpm x86_64: 76d6a19aafbca5f63e04fd28bceea094 slocate-2.7-13.el4.6.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sloca... c7c0214f195ee403dac138a588bc3e8e slocate-2.7-13.el4.6.src.rpm i386: 631c577185c94d9eb435ad0a792b04a4 slocate-2.7-13.el4.6.i386.rpm ia64: 637f060239a27fc84e57f0c0877840be slocate-2.7-13.el4.6.ia64.rpm x86_64: 76d6a19aafbca5f63e04fd28bceea094 slocate-2.7-13.el4.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDQ9hAXlSAg2UNWIIRAtSDAJ0ce1icZ0EhmGu9PAqGfOFrdkw1UQCeIBfR hsV+Yw7q+OU6tLrkIQKQBs4= =SbeS -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-... (Log in to post comments)
|
|||||||||||||