Fedora Update Notification
FEDORA-2004-112
2004-04-30
---------------------------------------------------------------------

Name        : mc
Version     : 4.6.0                      
Release     : 14.10                  
Summary     : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander.  These vulnerabilities were
discovered mostly by Andrew V. Samoilov and Pavel Roskin.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these
issues.

---------------------------------------------------------------------
* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14.10

- don't use mmap if st_size doesn't fit into size_t
- fix one missed match_normal -> match_regex
- rebuilt for FC1 updates

* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14

- avoid buffer overflows in mcedit Replace function

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-13

- perl scripting fix

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-12

- fix a bug in complete.c introduced by last patch
- export MC_TMPDIR env variable
- avoid integer overflows in free diskspace % counting
- put temporary files into $MC_TMPDIR tree if possible,
  use mktemp/mkdtemp

* Mon Apr 05 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-11

- fix a bunch of buffer overflows and memory leaks (CAN-2004-0226)
- fix hardlink handling in cpio filesystem
- fix handling of filenames with single/double quotes and backslashes
  in /usr/share/mc/extfs/rpm
- update php.syntax file (#112645)
- fix crash with large syntax file (#112644)
- update CAN-2003-1023 fix to still make vfs symlinks relative,
  but with bounds checking

---------------------------------------------------------------------
This update can be downloaded from:
    

b032b48a63ae1f70296d541e470bd9df  SRPMS/mc-4.6.0-14.10.src.rpm
a7ccdcc1744b3ebb1c14842d5a94a437  i386/mc-4.6.0-14.10.i386.rpm
b4a4085af11f8bb7da015080e9ae9301  i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
4dbc04a7c8795eeb5098a6d8a87ed38b  x86_64/mc-4.6.0-14.10.x86_64.rpm
6c3a6ec0e4a85269be2438791c7eb2e7  x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: mc Multiple vulnerabilities

May 10, 2004
Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander.

Summary

Midnight Commander is a visual shell much like a file manager, only

with many more features. It is a text mode application, but it also

includes mouse support if you are running GPM. Midnight Commander's

best features are its ability to FTP, view tar and zip files, and to

poke into RPMs for specific files.

Update Information:

Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues.

* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14.10

- don't use mmap if st_size doesn't fit into size_t - fix one missed match_normal -> match_regex - rebuilt for FC1 updates

* Fri Apr 16 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-14

- avoid buffer overflows in mcedit Replace function

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-13

- perl scripting fix

* Wed Apr 14 2004 Jakub Jelinek <jakub@redhat.com> 4.6.0-12

- fix a bug in complete.c introduced by last patch - export MC_TMPDIR env variable - avoid integer overflows in free diskspace % countin...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-112 2004-04-30 Name : mc Version : 4.6.0 Release : 14.10 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files.

Update Instructions

Severity
Name : mc
Version : 4.6.0
Release : 14.10
Summary : User-friendly text console file manager and visual shell.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved