===========================================================
Ubuntu Security Notice USN-425-1          February 22, 2007
slocate vulnerability
CVE-2007-0227
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  slocate 3.0.beta.r3-1ubuntu0.1

Ubuntu 6.10:
  slocate 3.1-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.

Ubuntu Security Notice USN-425-1 details a vulnerability in slocate that risks file visibility and user privacy, urging users to update packages to secure systems.

Ubuntu Security, Slocate Issue, Security Advisory.

Severity: Important.

LinuxSecurity.com Team
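
The kind of check USN-425-1 refers to, as an added example (not slocate's code and not part of the advisory): before a locate-style tool prints a match, it decides from the mode bits of each directory on the path whether the calling user could have listed that name. The struct, function names, uid/gid values and the policy itself (search permission on every ancestor, read permission on the parent) are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* One directory on the way from "/" to the directory holding a match.
 * The fields mirror what lstat() reports; the values below are constructed. */
struct dir_meta {
    const char *path;
    mode_t mode;
    uid_t uid;
    gid_t gid;
};

/* rwx triplet (0-7) that applies to the caller for this directory.
 * Simplification: supplementary groups are not considered. */
static unsigned perm_bits(const struct dir_meta *d, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return 7;                      /* root is not restricted */
    if (uid == d->uid)
        return (d->mode >> 6) & 7;     /* owner class only */
    if (gid == d->gid)
        return (d->mode >> 3) & 7;
    return d->mode & 7;
}

/* chain[0..n-1] runs from "/" to the parent directory of the matched name.
 * Assumed policy: report the name only if every directory is searchable (x)
 * and the parent itself is readable (r), i.e. the caller could list it. */
int may_report(const struct dir_meta *chain, size_t n, uid_t uid, gid_t gid)
{
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned bits = perm_bits(&chain[i], uid, gid);
        if (!(bits & 1))
            return 0;                  /* cannot traverse this component */
        if (i == n - 1 && !(bits & 4))
            return 0;                  /* parent not listable: keep name hidden */
    }
    return 1;
}

/* Constructed sample: "private" is 0711, searchable but not listable by others. */
static const struct dir_meta sample[] = {
    { "/",                   0755, 0,    0    },
    { "/home",               0755, 0,    0    },
    { "/home/alice",         0755, 1000, 1000 },
    { "/home/alice/private", 0711, 1000, 1000 },
};

int main(void)
{
    /* uid/gid 1000 is the hypothetical owner, 1001 another local user. */
    printf("owner sees names in private: %d\n", may_report(sample, 4, 1000, 1000));
    printf("other sees names in private: %d\n", may_report(sample, 4, 1001, 1001));
    printf("other sees names in /home/alice: %d\n", may_report(sample, 3, 1001, 1001));
    return 0;
}
```

A check that looks only at the matched file, or only at execute bits on the path, would report names under the 0711 directory to the second user, which is the exposure the advisory describes.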

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: slocate security update
Advisory ID:       RHSA-2005:346-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:346.html
Issue date:        2005-10-05
Updated on:        2005-10-05
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2499
---------------------------------------------------------------------

1. Summary:

An updated slocate package that fixes a denial of service and various bugs is available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system.

A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb's file system scan to fail silently, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.

Additionally this update addresses the following issues:

- File system type exclusions were processed only when starting updatedb and did not reflect file systems mounted while updatedb was running (for example, automounted file systems).
- File system type exclusions were ignored for file systems that were mounted to a path containing a symbolic link.
- Databases created by slocate were owned by the slocate group even if they were created by regular users.
- The default configuration excluded /mnt/floppy, but not /media.
- The default configuration did not exclude nfs4 file systems.

Users of slocate are advised to upgrade to this updated package, which contains backported patches and is not affected by these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139950 - slocate collects .automount files over nfs
152253 - Incorrect path in /etc/updatedb.conf
156091 - updatedb indexes nfs4 filesystems
165430 - CAN-2005-2499 slocate DOS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-2499

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Red Hat Enterprise, slocate update, DOS fix, security update.

Severity: Low.

LinuxSecurity.com Team

Low: slocate security update.

Date: Thu, 29 Sep 2005 10:11:03 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA for SL 302,303,304,305 x86_64 now available
Comments: To:

Low: slocate security update.

Date: Thu, 29 Sep 2005 10:08:48 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA for SL 301,302,303,304,305 i386 now available
Comments: To:

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: slocate security update
Advisory ID:       RHSA-2005:345-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:345.html
Issue date:        2005-09-28
Updated on:        2005-09-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2499
---------------------------------------------------------------------

1. Summary:

An updated slocate package that fixes a denial of service and various bugs is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system.

A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb's file system scan to fail silently, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.

Additionally this update addresses the following issues:

- Files with a size of 2 GB and larger were not entered into the slocate database.
- File system type exclusions were processed only when starting updatedb and did not reflect file systems mounted while updatedb was running (for example, automounted file systems).
- File system type exclusions were ignored for file systems that were mounted to a path containing a symbolic link.
- Databases created by slocate were owned by the slocate group even if they were created by regular users.

Users of slocate are advised to upgrade to this updated package, which contains backported patches and is not affected by these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

132571 - Files > 2 GB are not entered into slocate data base
139950 - slocate collects .automount files over nfs
169453 - CAN-2005-2499 slocate DOS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-2499

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Red Hat introduces a new version of slocate to tackle denial of service vulnerabilities and other minor concerns related to security.

slocate Update, Red Hat Security, Denial Of Service Fix.

Severity: Low.

LinuxSecurity.com Team

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-770
2005-08-22
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : slocate
Version     : 2.7
Release     : 22.fc4.1
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system.

---------------------------------------------------------------------
Update Information:

A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.
---------------------------------------------------------------------
* Tue Aug 9 2005 Miloslav Trmac - 2.7-22.fc4.1
- Replace sl_fs.[ch] by glibc-derived versions
- Skip subtrees with paths longer than 32k

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-771
2005-08-22
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : slocate
Version     : 2.7
Release     : 12.fc3.1
Summary     : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system.

---------------------------------------------------------------------
Update Information:

A carefully prepared directory structure could stop the updatedb file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.
---------------------------------------------------------------------
* Wed Aug 10 2005 Miloslav Trmac - 2.7-12.fc3.1
- s/Copyright/License/
- Skip subtrees with paths longer than 32k
- Drop the ineffective fts patch

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: slocate security update
Advisory ID:       RHSA-2005:747-02
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:747.html
Issue date:        2005-08-22
Updated on:        2005-08-22
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2499
---------------------------------------------------------------------

1. Summary:

An updated slocate package that fixes a denial of service issue is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Slocate is a security-enhanced version of locate. Like locate, slocate searches through a nightly-updated central database for files that match a given pattern.

A bug was found in the way slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.

Users are advised to upgrade to this updated package, which includes a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165430 - CAN-2005-2499 slocate DOS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-2499

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Slocate Update, Red Hat, Denial Of Service.

Severity: Low.

LinuxSecurity.com Team