MDKSA-2003:015

Package name

slocate

Date

2003-02-05

Advisory ID

MDKSA-2003:015

Affected versions

8.1 i586 , 8.1 i586 , 8.0 i586 , 9.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586

Problem description

A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.

Updated packages

8.1 i586

 528cc4fd94ff389388dd45c8e1dca6f4  ia64/8.1/RPMS/slocate-2.7-1.1mdk.ia64.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ia64/8.1/SRPMS/slocate-2.7-1.1mdk.src.rpm

8.1 i586

 4f58bc73e4f63394f20059bd47fe1e89  8.1/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.1/SRPMS/slocate-2.7-1.1mdk.src.rpm

8.0 i586

 5baaca0c9cc000a0e8f1fb92623440f2  8.0/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.0/SRPMS/slocate-2.7-1.1mdk.src.rpm

9.0 i586

 f400580184fcedab1b91fae6d7ce3b26  9.0/RPMS/slocate-2.7-1.2mdk.i586.rpm
8a39b27b8f9a3c6e475182e33c27e7e7  9.0/SRPMS/slocate-2.7-1.2mdk.src.rpm

8.2 i586

 9db2f05b4bf339295ba162aab90b559e  8.2/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.2/SRPMS/slocate-2.7-1.1mdk.src.rpm

8.0 i586

 7c9478ef57bc4db0fb460df429e21b0c  ppc/8.0/RPMS/slocate-2.7-1.1mdk.ppc.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ppc/8.0/SRPMS/slocate-2.7-1.1mdk.src.rpm

8.2 i586

 9a8292e6a09676e54492824f28e3bfa9  ppc/8.2/RPMS/slocate-2.7-1.1mdk.ppc.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ppc/8.2/SRPMS/slocate-2.7-1.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
• http://www.usg.org.uk/advisories/2003.001.txt