Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryhigh severityFedora CoreFedora Core 4: 2024-0011 High: mc extfs Security Patch Released
The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2004-514 2004-12-07 ---------------------------------------------------------------------Product : Fedora Core 3 Name : mc Version : 4.6.1 Release : 0.11FC3 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. ---------------------------------------------------------------------Update Information: The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support. The version is also one of the release candidates: mc-4.6.1-pre1a. ---------------------------------------------------------------------* Wed Dec 01 2004 Jindrich Novy 4.6.1-0.11FC3 - update from CVS - fix #141095 - extraction of symlinks from tarfs is now fine - add growbuf patch from Roland Illig #141422 to view files in /proc and /sys properly * Wed Nov 24 2004 Jindrich Novy 4.6.1-0.10 - update from CVS - update promptfix patch, drop upstreamed strippwd patch - add badsize patch to fix displaying of filesizes > 2GB - sync UTF-8 patches with upstream - replace autogen.sh style with configure * Fri Nov 12 2004 Jindrich Novy - convert man pages to UTF-8 (#138871) ---------------------------------------------------------------------This update can be downloaded from: bb832b8f8ea36357a0cdb30e594c7d2f SRPMS/mc-4.6.1-0.11FC3.src.rpm 367e2f6ee54d4cdfebccb5855c6c9ddf x86_64/mc-4.6.1-0.11FC3.x86_64.rpm 07f2468bd781b534f222c6099fa1d946 x86_64/debug/mc-debuginfo-4.6.1-0.11FC3.x86_64.rpm d16cbbf94efe2f77a9ed63fe66467d08 i386/mc-4.6.1-0.11FC3.i386.rpm 37d33fe20531bb6779e5805662056ad8 i386/debug/mc-debuginfo-4.6.1-0.11FC3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------Jindrich Novy , https://people.redhat.com/jnovy/ --fedora-announce-list mailing list
Dec 07, 2004
Fedora
89
security advisorymoderatesecurity fixFedora Core 2: 2004-273 Moderate: mc extfs vfs Vulnerability
Security fix for extfs vfs vulnerability in mc.. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-273 2004-09-01 --------------------------------------------------------------------- Product : Fedora Core 2 Name : mc Version : 4.6.0 Release : 17.fc2 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Security fix for https://bugzilla.redhat.com/show_bug.cgi?id=127973. CAN-2004-0494 extfs vfs vulnerability in mc --------------------------------------------------------------------- * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17.fc2 - 3 more quoting omissions in a.in * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17 - fix shell quoting in extfs perl scripts (Leonard den Ottolander, #127973, CAN-2004-0494) * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: aadb93bb8a2b047c79a4c5be7da28edb SRPMS/mc-4.6.0-17.fc2.src.rpm 2907d996d845c03dd9ff5cc0bcf1ec84 x86_64/mc-4.6.0-17.fc2.x86_64.rpm 10fa4d7b2d7e7abc48015d23004c903b x86_64/debug/mc-debuginfo-4.6.0-17.fc2.x86_64.rpm 5da38fc92a6d8f57148d57eab6f6f251 i386/mc-4.6.0-17.fc2.i386.rpm 11104e0480ab66addf52e4f30b9e9870 i386/debug/mc-debuginfo-4.6.0-17.fc2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Update to address extfs vfs vulnerability in Midnight Commander forFedora Core 2, boosting comprehensive security measures.. Fedora Core 2, extfs issue, Midnight Commander, security patch, software management. . LinuxSecurity.com Team
Sep 01, 2004
Fedora
89
security advisorycriticalFedoraFedora Core 1 FEDORA-2004-272 Critical: mc extfs vfs Issue
Security fix for extfs vfs vulnerability in mc. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-272 2004-09-01 --------------------------------------------------------------------- Product : Fedora Core 1 Name : mc Version : 4.6.0 Release : 17.fc1 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Security fix for https://bugzilla.redhat.com/show_bug.cgi?id=127973. CAN-2004-0494 extfs vfs vulnerability in mc --------------------------------------------------------------------- * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17.fc1 - 3 more quoting omissions in a.in * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17 - fix shell quoting in extfs perl scripts (Leonard den Ottolander, #127973, CAN-2004-0494) * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: 49f1c1f5234fc1d81dd3ffa821e04747 SRPMS/mc-4.6.0-17.fc1.src.rpm 78953790d5f583a77788ad4510cd1fe7 x86_64/mc-4.6.0-17.fc1.x86_64.rpm 1a5730f349b0505fac9cc78425402b8d x86_64/debug/mc-debuginfo-4.6.0-17.fc1.x86_64.rpm a731762be96fb7a2e00f4c8229f1d8b7 i386/mc-4.6.0-17.fc1.i386.rpm cbc9a3ba4897d0acc5a7589a8668476b i386/debug/mc-debuginfo-4.6.0-17.fc1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- . Tackling the extfs vfs concern in Fedora Core 1's mc. Reinforcesecurity by applying the most recent patch for CVE-2004-0494.. Fedora Core 1, extfs security, mc update, threat mitigation, file manager security. . Severity: Critical. LinuxSecurity.com Team
Sep 01, 2004
•Critical
Fedora
98
security advisoryupdatered hatRed Hat: RHSA-2004:373-01 Critical: Extfs Threat in GNOME VFS
An attacker who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user.. Red Hat Security Advisory Synopsis: GNOME VFS updates address extfs vulnerability Advisory ID: RHSA-2004:373-01 Issue date: 2004-08-04 Updated on: 2004-08-04 Product: Red Hat Enterprise Linux Keywords: gnome-vfs gnome-vfs2 extfs CVE Names: CAN-2004-0494 - --------------------------------------------------------------------- 1. Summary: Updated GNOME VFS packages that remove potential extfs-related vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for file systems, HTTP, FTP, and others. The extfs backends make it possible to implement file systems for GNOME VFS using scripts. Flaws have been found in several of the GNOME VFS extfs backend scripts. Red Hat Enterprise Linux ships with vulnerable scripts, but they are not used by default. An attacker who is able to influence a user to open a specially-crafted URI using gnome-vfs could perform actions as that user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue. Users of Red Hat Enterprise Linux should upgrade to these updated packages, which remove these unused scripts. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system havebeen applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/ 5. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: a4cf8f82b440789276f366536e852588 gnome-vfs-1.0.1-18.1.src.rpm i386: 0d23312d359424e46b0fcb713b0eab85 gnome-vfs-1.0.1-18.1.i386.rpm c7e27477bc25189730309ad69bee1b00 gnome-vfs-devel-1.0.1-18.1.i386.rpm ia64: dc0ed88d802874697908d2b02f83a24c gnome-vfs-1.0.1-18.1.ia64.rpm c9c83b9b1ce79fa7bfdbdf1cdd0c4fb5 gnome-vfs-devel-1.0.1-18.1.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: a4cf8f82b440789276f366536e852588 gnome-vfs-1.0.1-18.1.src.rpm ia64: dc0ed88d802874697908d2b02f83a24c gnome-vfs-1.0.1-18.1.ia64.rpm c9c83b9b1ce79fa7bfdbdf1cdd0c4fb5 gnome-vfs-devel-1.0.1-18.1.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: a4cf8f82b440789276f366536e852588 gnome-vfs-1.0.1-18.1.src.rpm i386: 0d23312d359424e46b0fcb713b0eab85 gnome-vfs-1.0.1-18.1.i386.rpm c7e27477bc25189730309ad69bee1b00 gnome-vfs-devel-1.0.1-18.1.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: a4cf8f82b440789276f366536e852588 gnome-vfs-1.0.1-18.1.src.rpm i386: 0d23312d359424e46b0fcb713b0eab85 gnome-vfs-1.0.1-18.1.i386.rpm c7e27477bc25189730309ad69bee1b00 gnome-vfs-devel-1.0.1-18.1.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: fbcb6e48b0e04a54383894867a79057d gnome-vfs2-2.2.5-2E.1.src.rpm i386: bf38b8427b6c60a93169a266cca8e8f1 gnome-vfs2-2.2.5-2E.1.i386.rpm f7f903cc6b74cb22153e25c9f78f4311 gnome-vfs2-devel-2.2.5-2E.1.i386.rpm ia64: 9ec0d04f82412d17c699793367a7b980 gnome-vfs2-2.2.5-2E.1.ia64.rpm a0241d4990bbb961452ada3d4aacaceb gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm ppc: 4a471457ca073a26c762cca8fcd3ad88 gnome-vfs2-2.2.5-2E.1.ppc.rpm 1f57211bf9d472e0e5ae6f6b9c1dad26 gnome-vfs2-devel-2.2.5-2E.1.ppc.rpm s390: 14dfeb34e2193f74ae2598511e593ffd gnome-vfs2-2.2.5-2E.1.s390.rpm d11d79d93d7a54a365400f81bf15c522 gnome-vfs2-devel-2.2.5-2E.1.s390.rpm s390x: 177418bc2e61fc5b0f72d08c6c8dcade gnome-vfs2-2.2.5-2E.1.s390x.rpm f70f90a1c8d47770441bcf09330809d1 gnome-vfs2-devel-2.2.5-2E.1.s390x.rpm x86_64: 06271691a5533316f595d9d136204d15 gnome-vfs2-2.2.5-2E.1.x86_64.rpm fba4ca47955f92be0b082c6fa587b14a gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: fbcb6e48b0e04a54383894867a79057d gnome-vfs2-2.2.5-2E.1.src.rpm i386: bf38b8427b6c60a93169a266cca8e8f1 gnome-vfs2-2.2.5-2E.1.i386.rpm f7f903cc6b74cb22153e25c9f78f4311 gnome-vfs2-devel-2.2.5-2E.1.i386.rpm x86_64: 06271691a5533316f595d9d136204d15 gnome-vfs2-2.2.5-2E.1.x86_64.rpm fba4ca47955f92be0b082c6fa587b14a gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: fbcb6e48b0e04a54383894867a79057d gnome-vfs2-2.2.5-2E.1.src.rpm i386: bf38b8427b6c60a93169a266cca8e8f1 gnome-vfs2-2.2.5-2E.1.i386.rpm f7f903cc6b74cb22153e25c9f78f4311 gnome-vfs2-devel-2.2.5-2E.1.i386.rpm ia64: 9ec0d04f82412d17c699793367a7b980 gnome-vfs2-2.2.5-2E.1.ia64.rpm a0241d4990bbb961452ada3d4aacaceb gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm x86_64: 06271691a5533316f595d9d136204d15 gnome-vfs2-2.2.5-2E.1.x86_64.rpm fba4ca47955f92be0b082c6fa587b14a gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: fbcb6e48b0e04a54383894867a79057d gnome-vfs2-2.2.5-2E.1.src.rpm i386: bf38b8427b6c60a93169a266cca8e8f1 gnome-vfs2-2.2.5-2E.1.i386.rpm f7f903cc6b74cb22153e25c9f78f4311 gnome-vfs2-devel-2.2.5-2E.1.i386.rpm ia64: 9ec0d04f82412d17c699793367a7b980 gnome-vfs2-2.2.5-2E.1.ia64.rpm a0241d4990bbb961452ada3d4aacaceb gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm x86_64: 06271691a5533316f595d9d136204d15 gnome-vfs2-2.2.5-2E.1.x86_64.rpm fba4ca47955f92be0b082c6fa587b14a gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm These packagesare GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from 6. References: CVE -CVE-2004-0494 7. Contact: The Red Hat security contact is . More contact details at Copyright 2004 Red Hat, Inc. . Updated GNOME VFS versions address extfs security issues. Boost your protection by upgrading on CentOS 7.. GNOME VFS, Red Hat Security, extfs exploit, Linux updates, package security. . Severity: Critical. LinuxSecurity.com Team
Aug 11, 2004
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!