Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-260
2006-04-03
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : mc
Version     : 4.6.1a
Release     : 12.FC5
Summary     : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files.

---------------------------------------------------------------------

* Thu Mar 16 2006 Jindrich Novy 4.6.1a-12.FC5
- apply more robust version of FISH upload patch, thanks to Dmitry Butskoy (#186456)
- drop .promptfix patch so that prompt is displayed only once while in panels

* Thu Mar 16 2006 Jindrich Novy 4.6.1a-11
- display the Layout dialog correctly on console (#185189)

---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at.

---------------------------------------------------------------------
fedora-announce-list mailing list
Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-889
2005-09-14
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : mc
Version     : 4.6.1
Release     : 2.FC3
Summary     : A user-friendly file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files.

---------------------------------------------------------------------

* Wed Sep 14 2005 Jindrich Novy 4.6.1-2.FC3
- fix segfault when copying symlinks of a particular type and fix creation of dangled symlinks (#168184)
- don't hang when ftpfs connection times out - Hans de Goede (#166976)
- backport the new Find dialog from upstream (#167493)
- highlight "%check" in spec files (Mike A. Harris)
- enable samba vfs

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-103
2005-02-02
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : mc
Version     : 4.6.1
Release     : 0.12.FC3
Summary     : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

The updated mc package contains the latest release candidate, mc-4.6.1-pre3 and many bugfixes.

---------------------------------------------------------------------

* Tue Feb 01 2005 Jindrich Novy 4.6.1-0.12.FC3
- update to the latest release candidate mc-4.6.1-pre3
- drop BuildRequires gettext-devel
- merged all UTF-8 related patches to single .utf8 patch
- add patch to fix mc logo in help
- rewrote mbstrlen() in utf8 patch, this fixes:
- dir name truncation in command prompt for ja_JP, ko_KR locales (#142706)
- localized texts will fit dialog windows and pull-down menus
- tweak create_menu()
- dialog titles are centered correctly
- convert hints for ru, uk, zh, man page conversion fix

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mc package resolves security vulnerabilities
Advisory ID:       RHSA-2004:464-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2004:464.html
Issue date:        2005-01-05
Updated on:        2005-01-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0494
---------------------------------------------------------------------

1. Summary:

An updated mc package that resolves several shell escape security issues is now available.

[Updated 5 January 2005]
Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Midnight Commander (mc) is a visual shell much like a file manager.

Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue.

Users of mc should upgrade to this updated package which contains backported patches and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

127974 - CAN-2004-0494 extfs vfs vulnerability in mc

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2004-0494

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

The latest mc package provided by Red Hat addresses shell escape vulnerabilities while improving overall security measures. Ensure to verify available updates.
Red Hat Enterprise Linux, MC Package Update, Shell Escape Fix, Linux Patching.
Severity: Critical.
LinuxSecurity.com Team
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mc package resolves security vulnerabilities
Advisory ID:       RHSA-2004:464-01
Issue date:        2004-09-15
Updated on:        2004-09-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0494
---------------------------------------------------------------------

1. Summary:

An updated mc package that resolves several shell escape security issues is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Midnight Commander (mc) is a visual shell much like a file manager.

Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue.

Users of mc should upgrade to this updated package which contains backported patches and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127974 - CAN-2004-0494 extfs vfs vulnerability in mc

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

7. References:

CVE -CVE-2004-0494

8. Contact:

The Red Hat security contact is . More contact details at

Copyright 2004 Red Hat, Inc.

The newest xy tool resolves command injection risks while recommending Ubuntu users to apply advised patches across multiple environments.
Red Hat Security Advisory, mc Package Update, Shell Escape Issues, Security Updates.
Severity: Critical.
LinuxSecurity.com Team
[slackware-security] mc (SSA:2004-136-01)

New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues. These could lead to a denial of service or the execution of arbitrary code as the user running mc. Sites that use mc should upgrade to the new mc package.

More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

https://www.cve.org/CVERecord?id=CVE-CAN-2004-0226
https://www.cve.org/CVERecord?id=CVE-CAN-2004-0231
https://www.cve.org/CVERecord?id=CVE-CAN-2004-0232

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Fri May 14 15:11:37 PDT 2004
patches/packages/mc-4.6.0-i486-2.tgz: Patched to fix buffer overflow, format string, and temporary file creation vulnerabilities found by Andrew V. Samoilov and Pavel Roskin. These could lead to a denial of service or the execution of arbitrary code as the user running mc.
For more details, see:
https://www.cve.org/CVERecord?id=CVE-CAN-2004-0226
https://www.cve.org/CVERecord?id=CVE-CAN-2004-0231
https://www.cve.org/CVERecord?id=CVE-CAN-2004-0232
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 9.0 package:
e74a8dcdd90f2846e4bbac75a154ad39 mc-4.6.0-i386-2.tgz

Slackware 9.1 package:
ac580a4f3556aaae92be0fd754866a55 mc-4.6.0-i486-2.tgz

Slackware -current package:
ce9b9ab338ee114c5d9038e8420db1e7 mc-4.6.0-i486-2.tgz

Installation instructions:
+------------------------+

Upgrade the mc package as root:
# upgradepkg mc-4.6.0-i486-2.tgz

+-----+

Users are advised about mc updates addressing potential Denial of Service and code execution vulnerabilities in Slackware 9.0, 9.1, and -current. Apply patches.
mc Security Update, DoS Risk Mitigation, Slackware Packages.
LinuxSecurity.com Team
cons.saver does not check if it is started with a valid stdout, potentially causing a denial of service.

Debian Security Advisory