
Red Hat Linux: RHSA-2000:128-02 Critical: Slocate Heap Overflow

December 19, 2000
Updated slocate packages fix a critical heap overflow on Red Hat Linux that exposes the local slocate group to abuse.
By using a carefully crafted database, a local user could overwrite some of slocate's internal structures, resulting in compromise of the local slocate group.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info):

21388 - heap corruption vulnerability

6. RPMs required:

Red Hat Linux 6.0:

SRPMS:


alpha:


i386:


sparc:


Red Hat Linux 6.1:

SRPMS:


alpha:




i386:


sparc:


Red Hat Linux 6.2:

SRPMS:





alpha:


i386:


sparc:


Red Hat Linux 7.0:

SRPMS:


alpha:


i386:




7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
ba211d65172160c4a6cba5a65bd93f60  6.0/alpha/slocate-2.4-0.6.x.alpha.rpm
8b63c4c1fec7759f79559a616c5f15e9  6.0/i386/slocate-2.4-0.6.x.i386.rpm
eeea0298b59fdfa6e475ee732a385942  6.0/sparc/slocate-2.4-0.6.x.sparc.rpm
ba211d65172160c4a6cba5a65bd93f60  6.1/alpha/slocate-2.4-0.6.x.alpha.rpm
8b63c4c1fec7759f79559a616c5f15e9  6.1/i386/slocate-2.4-0.6.x.i386.rpm
eeea0298b59fdfa6e475ee732a385942  6.1/sparc/slocate-2.4-0.6.x.sparc.rpm
ba211d65172160c4a6cba5a65bd93f60  6.2/alpha/slocate-2.4-0.6.x.alpha.rpm
8b63c4c1fec7759f79559a616c5f15e9  6.2/i386/slocate-2.4-0.6.x.i386.rpm
eeea0298b59fdfa6e475ee732a385942  6.2/sparc/slocate-2.4-0.6.x.sparc.rpm
5ee5ec5f65e200e9d03f4d2dda43ce07  7.0/alpha/slocate-2.4-1.alpha.rpm
ba3b1c1743ec957cb8abb05818e05854  7.0/i386/slocate-2.4-1.i386.rpm
53abff41632acc6764c14ba59384cf84  6.0/SRPMS/slocate-2.4-0.6.x.src.rpm
53abff41632acc6764c14ba59384cf84  6.1/SRPMS/slocate-2.4-0.6.x.src.rpm
53abff41632acc6764c14ba59384cf84  6.2/SRPMS/slocate-2.4-0.6.x.src.rpm
2672ef24c8ca7afbcb6a327622d71c42  7.0/SRPMS/slocate-2.4-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:


You can verify each package with the following command:

rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg [filename]
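
The MD5 comparison against the list in this Verification section can be scripted. The following is an added example, not part of the Red Hat advisory; it assumes the list has been saved to a file with one "md5sum path" entry per line and that the downloaded RPMs sit in a single directory, and check_advisory_md5 is a hypothetical name. It covers only the checksum step; the GPG signature is still checked with rpm --checksig.

```shell
#!/bin/sh
# Added example: compare downloaded RPMs with an advisory-style MD5 list.
# Usage: check_advisory_md5 MANIFEST DIR
#   MANIFEST  lines of "<32-hex md5>  <release>/<arch>/<file>.rpm"
#   DIR       directory holding the downloaded RPMs (looked up by file name)
# Prints one status line per distinct entry. Returns 0 only if at least one
# file was checked and no checked file differs from its listed digest.
check_advisory_md5() {
    manifest=$1 dir=$2 checked=0 bad=0 seen=" "
    while read -r want path; do
        # Skip the header, rule and blank lines: keep 32-char lowercase hex only.
        case $want in
            *[!0-9a-f]*|"") continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        file=${path##*/}
        # The same file is listed once per release; check each digest/file pair once.
        key="$want/$file"
        case $seen in *" $key "*) continue ;; esac
        seen="$seen$key "
        if [ ! -f "$dir/$file" ]; then
            echo "SKIP      $file (not downloaded)"
            continue
        fi
        got=$(md5sum < "$dir/$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK        $file"
        else
            echo "MISMATCH  $file (expected $want, got $got)"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Run directly as: sh check.sh advisory-md5.txt /path/to/rpms
if [ "$#" -eq 2 ]; then check_advisory_md5 "$1" "$2"; fi
```

A non-zero exit status means a file did not match its listed digest or nothing was found to check, so the result can gate the rpm -Fvh step.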

Summary

References

Copyright (c) 2000 Red Hat, Inc.

Package List


Severity
critical

Advisory ID: RHSA-2000:128-02
Issue date: 2000-12-19
Updated on: 2000-12-19
Product: Red Hat Linux
Keywords: slocate heap overflow
Cross references:

Topic

Relevant Releases Architectures

Red Hat Linux 6.0 - alpha, i386, sparc

Red Hat Linux 6.1 - alpha, i386, sparc

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Bugs Fixed
