-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mc (SSA:2004-136-01)

New mc packages are available for Slackware 9.0, 9.1, and -current to
fix security issues that These could lead to a denial of service or the
execution of arbitrary code as the user running mc.

Sites that use mc should upgrade to the new mc package.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Fri May 14 15:11:37 PDT 2004
patches/packages/mc-4.6.0-i486-2.tgz:  Patched to fix buffer overflow,
  format string, and temporary file creation vulnerabilities found by
  Andrew V. Samoilov and Pavel Roskin.  These could lead to a denial of
  service or the execution of arbitrary code as the user running mc.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:


MD5 signatures:
+-------------+

Slackware 9.0 package:
e74a8dcdd90f2846e4bbac75a154ad39  mc-4.6.0-i386-2.tgz

Slackware 9.1 package:
ac580a4f3556aaae92be0fd754866a55  mc-4.6.0-i486-2.tgz

Slackware -current package:
ce9b9ab338ee114c5d9038e8420db1e7  mc-4.6.0-i486-2.tgz


Installation instructions:
+------------------------+

Upgrade the mc package as root:
# upgradepkg mc-4.6.0-i486-2.tgz


+-----+

Slackware: 2004-136-01: mc Security Update

May 17, 2004
New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues that These could lead to a denial of service or the execution of arbitrary code as the use...

Summary

Here are the details from the Slackware 9.1 ChangeLog: Fri May 14 15:11:37 PDT 2004 patches/packages/mc-4.6.0-i486-2.tgz: Patched to fix buffer overflow, format string, and temporary file creation vulnerabilities found by Andrew V. Samoilov and Pavel Roskin. These could lead to a denial of service or the execution of arbitrary code as the user running mc. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232 (* Security fix *)

Where Find New Packages

Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:

MD5 Signatures

Slackware 9.0 package: e74a8dcdd90f2846e4bbac75a154ad39 mc-4.6.0-i386-2.tgz
Slackware 9.1 package: ac580a4f3556aaae92be0fd754866a55 mc-4.6.0-i486-2.tgz
Slackware -current package: ce9b9ab338ee114c5d9038e8420db1e7 mc-4.6.0-i486-2.tgz

Severity
[slackware-security] mc (SSA:2004-136-01)
New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues that These could lead to a denial of service or the execution of arbitrary code as the user running mc.
Sites that use mc should upgrade to the new mc package.
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232

Installation Instructions

Installation instructions: Upgrade the mc package as root: # upgradepkg mc-4.6.0-i486-2.tgz

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved