---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-059
2004-01-26
---------------------------------------------------------------------

Name        : slocate
Version     : 2.7                      
Release     : 4                  
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files which match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

---------------------------------------------------------------------
Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up to and
including 2.7 where a carefully crafted database could overflow a
heap-based buffer. A local user could exploit this vulnerability to gain
"slocate" group privileges and then read the entire slocate database. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0848 to this issue.
 
Users of Slocate should upgrade to these packages which contain a
patch from Kevin Lindsay which causes slocate to drop privileges before
reading a user-supplied database.
---------------------------------------------------------------------
* Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

- drop privs for non slocate gid databases (CAN-2003-0848)
- update to 2.7


---------------------------------------------------------------------
This update can be downloaded from:
    

01bf7fd37e5eeb0f4ec4bdc09a4f236e  SRPMS/slocate-2.7-4.src.rpm
ecec8659907bbbe65297b634d930b9ae  i386/slocate-2.7-4.i386.rpm
33661442e2657b361a64acac29e0cea8  i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com 
fedora-announce-list Info Page

Fedora: slocate Heap overflow vulnerability

January 26, 2004
A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database.

Summary

Slocate is a security-enhanced version of locate. Just like locate,

slocate searches through a central database (which is updated nightly)

for files which match a given pattern. Slocate allows you to quickly

find files anywhere on your system.

Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0848 to this issue.

Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database. * Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

- drop privs for non slocate gid databases (CAN-2003-0848) - update to 2.7


This update can be downloaded from:


01bf7fd37e5eeb0f4ec4bdc09a4f236e SRPMS/slocate-2.7-4.src.rpm ecec8659907bbbe65297b634d930b9ae i386/slocate-2.7-4.i386.rpm 33661442e2657b361a64acac29e0cea8 i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can l...

Read the Full Advisory

Change Log

References

Fedora Update Notification FEDORA-2004-059 2004-01-26 Name : slocate Version : 2.7 Release : 4 Summary : Finds files on a system via a central database. Description : Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system.

Update Instructions

Severity
Name : slocate
Version : 2.7
Release : 4
Summary : Finds files on a system via a central database.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved