|
|
Log in / Subscribe / Register

Fedora alert FEDORA-2004-059 (slocate)



From:
    	      Bill Nottingham <notting@redhat.com>


To:
    	      fedora-announce-list@redhat.com


Subject:
    	      [SECURITY] Fedora Core 1 Update: slocate-2.7-4


Date:
    	      Mon, 26 Jan 2004 14:36:38 -0500



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-059
2004-01-26
---------------------------------------------------------------------

Name        : slocate
Version     : 2.7                      
Release     : 4                  
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files which match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

---------------------------------------------------------------------
Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up to and
including 2.7 where a carefully crafted database could overflow a
heap-based buffer. A local user could exploit this vulnerability to gain
"slocate" group privileges and then read the entire slocate database. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0848 to this issue.
 
Users of Slocate should upgrade to these packages which contain a
patch from Kevin Lindsay which causes slocate to drop privileges before
reading a user-supplied database.
---------------------------------------------------------------------
* Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

- drop privs for non slocate gid databases (CAN-2003-0848)
- update to 2.7


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

01bf7fd37e5eeb0f4ec4bdc09a4f236e  SRPMS/slocate-2.7-4.src.rpm
ecec8659907bbbe65297b634d930b9ae  i386/slocate-2.7-4.i386.rpm
33661442e2657b361a64acac29e0cea8  i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds