Package name: slocate
Date: February 5th, 2003
Advisory ID: MDKSA-2003:015
Affected versions: 8.0, 8.1, 8.2, 9.0

Problem Description

A buffer overflow vulnerability was discovered in slocate by team USG.
The overflow appears when slocate is used with the -c and -r
parameters, using a 1024 (or 10240) byte string. This has been
corrected in slocate version 2.7.

Updated Packages

Mandrakelinux 8.0

5baaca0c9cc000a0e8f1fb92623440f2  8.0/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.0/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 8.0/PPC

7c9478ef57bc4db0fb460df429e21b0c  ppc/8.0/RPMS/slocate-2.7-1.1mdk.ppc.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ppc/8.0/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 8.1

4f58bc73e4f63394f20059bd47fe1e89  8.1/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.1/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 8.1/IA64

528cc4fd94ff389388dd45c8e1dca6f4  ia64/8.1/RPMS/slocate-2.7-1.1mdk.ia64.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ia64/8.1/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 8.2

9db2f05b4bf339295ba162aab90b559e  8.2/RPMS/slocate-2.7-1.1mdk.i586.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  8.2/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

9a8292e6a09676e54492824f28e3bfa9  ppc/8.2/RPMS/slocate-2.7-1.1mdk.ppc.rpm
a214767ebd21a0abf2b3a0eedd05d5bb  ppc/8.2/SRPMS/slocate-2.7-1.1mdk.src.rpm

Mandrakelinux 9.0

f400580184fcedab1b91fae6d7ce3b26  9.0/RPMS/slocate-2.7-1.2mdk.i586.rpm
8a39b27b8f9a3c6e475182e33c27e7e7  9.0/SRPMS/slocate-2.7-1.2mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
http://www.usg.org.uk/advisories/2003.001.txt

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update before upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
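
For a manual download, the MD5 check has to be keyed on the release path and not only on the file name, because the list above gives slocate-2.7-1.1mdk.i586.rpm a different checksum for 8.0, 8.1 and 8.2. The following is an added example, not part of the original advisory; the function names are hypothetical, and it complements rather than replaces `rpm --checksig`.

```python
import hashlib

# Two checksum lines copied from the package list above: same file name,
# different release, different MD5.
ADVISORY_LINES = """\
 5baaca0c9cc000a0e8f1fb92623440f2  8.0/RPMS/slocate-2.7-1.1mdk.i586.rpm
 4f58bc73e4f63394f20059bd47fe1e89  8.1/RPMS/slocate-2.7-1.1mdk.i586.rpm
"""

HEX = set("0123456789abcdef")


def parse_checksums(text):
    """Map 'release/dir/file.rpm' -> MD5 hex digest; skip malformed lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()  # tolerates the stray leading space
        if len(parts) != 2:
            continue
        digest, path = parts[0].lower(), parts[1]
        if len(digest) == 32 and set(digest) <= HEX:
            table[path] = digest
    return table


def md5_of(path, chunk=1 << 16):
    """Stream the file so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(local_file, advisory_path, table):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded package.

    advisory_path is the full path as printed in the advisory, so a package
    built for 8.1 is never accepted against the 8.0 checksum.
    """
    expected = table.get(advisory_path)
    if expected is None:
        return "unlisted"
    return "ok" if md5_of(local_file) == expected else "mismatch"
```

A result of `mismatch` means the file is corrupted, altered, or built for a different release than the one named in `advisory_path`.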