RedHat: Moderate: mc security update

    Date: 03 Mar 2005
    Category: Red Hat
    Posted By: Joe Shakespeare
    Updated mc packages that fix multiple security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: mc security update
    Advisory ID:       RHSA-2005:217-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-217.html
    Issue date:        2005-03-04
    Updated on:        2005-03-04
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2004-1004 CAN-2004-1005 CAN-2004-1176
    ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated mc packages that fix multiple security issues are now available.
    
    This update has been rated as having moderate security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
    Red Hat Linux Advanced Workstation 2.1 - ia64
    Red Hat Enterprise Linux WS version 2.1 - i386
    
    3. Problem description:
    
    Midnight Commander (mc) is a visual shell, much like a file manager.
    
    Several format string bugs were found in Midnight Commander. If a user is
    tricked by an attacker into opening a specially crafted path with mc, it
    may be possible to execute arbitrary code as the user running Midnight
    Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2004-1004 to this issue.
    
    Several buffer overflow bugs were found in Midnight Commander. If a user is
    tricked by an attacker into opening a specially crafted file or path
    with mc, it may be possible to execute arbitrary code as the user running
    Midnight Commander. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2004-1005 to this issue.
    
    A buffer underflow bug was found in Midnight Commander. If a malicious
    local user is able to modify the extfs.ini file, it could be possible to
    execute arbitrary code as a user running Midnight Commander. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
    CAN-2004-1176 to this issue.
    
    Users of mc should upgrade to these updated packages, which contain a
    backported patch and are not vulnerable to these issues.
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    148864 - CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mc-4.5.51-36.6.src.rpm
    0280014f6cce24b5a7e86224d1a4c20e  mc-4.5.51-36.6.src.rpm
    
    i386:
    f9cf57bc299aff9a913dfd4801bf962d  gmc-4.5.51-36.6.i386.rpm
    34fab95940f7bd986db806c30abf2264  mc-4.5.51-36.6.i386.rpm
    dd976aa43c29b97804a1149cc64c56e4  mcserv-4.5.51-36.6.i386.rpm
    
    ia64:
    6f6c8b333239ba869ea8f32e05d9cf04  gmc-4.5.51-36.6.ia64.rpm
    012c0f617c2dd9593f53fa8c25839489  mc-4.5.51-36.6.ia64.rpm
    f067178eaa407dc355cd1e5b5d536b44  mcserv-4.5.51-36.6.ia64.rpm
    
    Red Hat Linux Advanced Workstation 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mc-4.5.51-36.6.src.rpm
    0280014f6cce24b5a7e86224d1a4c20e  mc-4.5.51-36.6.src.rpm
    
    ia64:
    6f6c8b333239ba869ea8f32e05d9cf04  gmc-4.5.51-36.6.ia64.rpm
    012c0f617c2dd9593f53fa8c25839489  mc-4.5.51-36.6.ia64.rpm
    f067178eaa407dc355cd1e5b5d536b44  mcserv-4.5.51-36.6.ia64.rpm
    
    Red Hat Enterprise Linux WS version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mc-4.5.51-36.6.src.rpm
    0280014f6cce24b5a7e86224d1a4c20e  mc-4.5.51-36.6.src.rpm
    
    i386:
    f9cf57bc299aff9a913dfd4801bf962d  gmc-4.5.51-36.6.i386.rpm
    34fab95940f7bd986db806c30abf2264  mc-4.5.51-36.6.i386.rpm
    dd976aa43c29b97804a1149cc64c56e4  mcserv-4.5.51-36.6.i386.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
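
Section 6 pairs each package file with an MD5 checksum and states that the packages are GPG signed. The script below is an added example, not part of Red Hat's advisory: it checks downloaded files against the source and i386 checksums listed above, then runs `rpm -K` on each file that matches. The names `check_rpms`, `verify_sig` and the status labels are chosen for the example, and GNU `md5sum` is assumed.

```shell
#!/bin/bash
# Added example, not Red Hat tooling. Assumes GNU md5sum is on PATH.
# Checksums copied from section 6 of the advisory (source RPM and i386 set).
ADVISORY_MD5='0280014f6cce24b5a7e86224d1a4c20e  mc-4.5.51-36.6.src.rpm
f9cf57bc299aff9a913dfd4801bf962d  gmc-4.5.51-36.6.i386.rpm
34fab95940f7bd986db806c30abf2264  mc-4.5.51-36.6.i386.rpm
dd976aa43c29b97804a1149cc64c56e4  mcserv-4.5.51-36.6.i386.rpm'

# MD5 only catches a corrupted or truncated download; authenticity comes from
# the GPG signature. rpm -K exits non-zero when a digest or signature does not
# verify (import the Red Hat key first). An unsigned package has no signature
# to fail, so read the rpm -K output as well.
verify_sig() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found, signature not checked: $1" >&2; return 0; }
    rpm -K "$1" >/dev/null 2>&1
}

# check_rpms DIR [MANIFEST] prints one status line per listed package.
# Returns 0 if every file found verifies, 1 on any MISMATCH or SIGFAIL,
# 2 if none of the listed files is present in DIR.
check_rpms() {
    dir=$1
    manifest=${2:-$ADVISORY_MD5}
    bad=0; seen=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            printf '%-9s %s\n' MISSING "$name"
            continue
        fi
        seen=$((seen + 1))
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            printf '%-9s %s\n' MISMATCH "$name"; bad=1
        elif ! verify_sig "$dir/$name"; then
            printf '%-9s %s\n' SIGFAIL "$name"; bad=1
        else
            printf '%-9s %s\n' OK "$name"
        fi
    done <<EOF
$manifest
EOF
    [ "$seen" -gt 0 ] || return 2
    return "$bad"
}

# Run against a download directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_rpms "$1"; fi
```

For ia64 systems, pass the ia64 lines from section 6 as the second argument in the same `checksum  filename` layout.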
    
    7. References:
    
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295261
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1004
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1005
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1176
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    