| Problem Description |
A vulnerability was discovered by Patrik Hornik in slocate versions up
to and including 2.7 where a carefully crafted database could overflow
a heap-based buffer. This could be exploited by a local user to gain
privileges of the 'slocate' group. The updated packages contain a
patch from Kevin Lindsay that causes slocate to drop privileges before
reading a user-supplied database.
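The mitigation described above, giving up the set-group-ID identity before a user-supplied database is opened or parsed, is shown here as an added example. It is not Kevin Lindsay's patch or slocate's own code, and the names drop_group_privs and open_database are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up a set-group-ID identity. On Linux, setregid() with a
 * real GID argument also resets the saved set-group-ID, so the old group
 * cannot be restored afterwards. Returns 0 on success, -1 on failure. */
int drop_group_privs(void)
{
    gid_t rgid = getgid();       /* invoking user's group */
    gid_t old_egid = getegid();  /* e.g. the privileged group of a setgid binary */

    if (setregid(rgid, rgid) != 0)
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;
    /* Confirm the drop is irreversible: an unprivileged process must not be
     * able to switch back (root can always change GIDs, so skip the check). */
    if (old_egid != rgid && geteuid() != 0 && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Open a database read-only. A user-supplied path is opened only after the
 * group privilege is gone, so a parser bug triggered by its contents runs
 * with the caller's own rights. Returns a file descriptor or -1. */
int open_database(const char *path, int user_supplied)
{
    if (user_supplied && drop_group_privs() != 0)
        return -1;               /* fail closed: never parse while privileged */
    return open(path, O_RDONLY);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s DATABASE\n", argv[0]);
        return 2;
    }
    int fd = open_database(argv[1], 1);
    if (fd < 0) {
        perror("open_database");
        return 1;
    }
    printf("opened %s with egid %ld\n", argv[1], (long)getegid());
    close(fd);
    return 0;
}
```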
| Updated Packages |
Mandrakelinux 9.1
178a0c6c116e64c67887c56fcf8f24ff 9.1/RPMS/slocate-2.7-2.1.91mdk.i586.rpm
b33e093e2178db9b22b8c7dc84f506d2 9.1/SRPMS/slocate-2.7-2.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC
d77bee6d3e3dfb380b78feedb2647f51 ppc/9.1/RPMS/slocate-2.7-2.1.91mdk.ppc.rpm
b33e093e2178db9b22b8c7dc84f506d2 ppc/9.1/SRPMS/slocate-2.7-2.1.91mdk.src.rpm
Mandrakelinux 9.2
d84f9a28b73dce95ef8948efcec4129b 9.2/RPMS/slocate-2.7-2.1.92mdk.i586.rpm
c69b0fd21ff789e387609eef25765f07 9.2/SRPMS/slocate-2.7-2.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64
6ebc353d5ea7c470dfc23020fc29d80a amd64/9.2/RPMS/slocate-2.7-2.1.92mdk.amd64.rpm
c69b0fd21ff789e387609eef25765f07 amd64/9.2/SRPMS/slocate-2.7-2.1.92mdk.src.rpm
Corporate Server 2.1
671ffe86f5f126c12cef97de694a382c corporate/2.1/RPMS/slocate-2.7-2.1.C21mdk.i586.rpm
a8bc7ae36c40ab05cda054c0faee616a corporate/2.1/SRPMS/slocate-2.7-2.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64
4ef15319c849f40ee280a78809e2792e x86_64/corporate/2.1/RPMS/slocate-2.7-2.1.C21mdk.x86_64.rpm
a8bc7ae36c40ab05cda054c0faee616a x86_64/corporate/2.1/SRPMS/slocate-2.7-2.1.C21mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0848
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
