Package name: mc
Date: January 26th, 2004
Advisory ID: MDKSA-2004:007
Affected versions: 9.1, 9.2, CS2.1

Problem Description

A buffer overflow was discovered in mc's virtual filesystem code.
This vulnerability could allow remote attackers to execute arbitrary
code during symlink conversion.

The updated packages have been patched to correct the problem.

Updated Packages

Mandrakelinux 9.1

62e5337a90f9bd712f9bb125d0140fb3  9.1/RPMS/mc-4.6.0-4.1.91mdk.i586.rpm
fd218112b274a0dd6bb920baa84b31a8  9.1/SRPMS/mc-4.6.0-4.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

3c217e26bef6c2d9c9c98cf13ddcf51c  ppc/9.1/RPMS/mc-4.6.0-4.1.91mdk.ppc.rpm
fd218112b274a0dd6bb920baa84b31a8  ppc/9.1/SRPMS/mc-4.6.0-4.1.91mdk.src.rpm

Mandrakelinux 9.2

47f0fb32e7ffb1a85a6f0f2680bc6221  9.2/RPMS/mc-4.6.0-4.1.92mdk.i586.rpm
edd4a1feb126d7cf7e2b74ccbc0997bf  9.2/SRPMS/mc-4.6.0-4.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

bcabfcfdaaf3f3659cf9115ac6c02f9a  amd64/9.2/RPMS/mc-4.6.0-4.1.92mdk.amd64.rpm
edd4a1feb126d7cf7e2b74ccbc0997bf  amd64/9.2/SRPMS/mc-4.6.0-4.1.92mdk.src.rpm

Corporate Server 2.1

38317ed34ca1a0ce54018c85d808106a  corporate/2.1/RPMS/mc-4.5.55-10.1.C21mdk.i586.rpm
1dd6c6ffab24a3ce7b57242c6912a44e  corporate/2.1/RPMS/mcserv-4.5.55-10.1.C21mdk.i586.rpm
46277f91fbcdce43d6c142d912e87297  corporate/2.1/SRPMS/mc-4.5.55-10.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

751dbc6182f482731db02998137d49d0  x86_64/corporate/2.1/RPMS/mc-4.5.55-10.1.C21mdk.x86_64.rpm
cd3f95e756d6f5144d107f277429834d  x86_64/corporate/2.1/RPMS/mcserv-4.5.55-10.1.C21mdk.x86_64.rpm
46277f91fbcdce43d6c142d912e87297  x86_64/corporate/2.1/SRPMS/mc-4.5.55-10.1.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
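
The manual check described above, written out as a shell script (an added example, not part of the original advisory). It assumes the checksum lines from "Updated Packages" have been saved to a text file, that `md5sum` is installed, and that the Security Team's GPG key is already imported into the RPM keyring; the function and script names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): verify downloaded RPMs by hand.
# Assumed list file format: "<md5>  <path>" lines, as under "Updated Packages".

# Print the MD5 the list records for FILE, matching on file name only.
listed_md5() {  # usage: listed_md5 LIST FILE
    base=$(basename "$2")
    awk -v b="$base" '
        NF == 2 && length($1) == 32 {
            n = split($2, parts, "/")
            if (parts[n] == b) { print tolower($1); found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Return 0 on match, 1 on mismatch, 2 if FILE is not in the list.
check_md5() {   # usage: check_md5 LIST FILE
    want=$(listed_md5 "$1" "$2") || return 2
    have=$(md5sum "$2" | awk '{ print tolower($1) }')
    [ "$want" = "$have" ]
}

# Checksum first, then the GPG signature check the advisory asks for.
verify_pkg() {  # usage: verify_pkg LIST FILE
    rc=0
    check_md5 "$1" "$2" || rc=$?
    case $rc in
        0) ;;
        1) echo "MD5 mismatch: $2" >&2; return 1 ;;
        *) echo "not in advisory list: $2" >&2; return 2 ;;
    esac
    rpm --checksig "$2"
}

# Script entry point: verify-mc.sh LIST package.rpm [package.rpm ...]
if [ "$#" -ge 2 ]; then
    list=$1; shift
    status=0
    for pkg in "$@"; do
        verify_pkg "$list" "$pkg" || status=1
    done
    exit "$status"
fi
```

A matching MD5 only shows that the download is intact; the `rpm --checksig` result against the Security Team's key is what ties the package to its publisher.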