Midnight Commander Virtual File System Symlink Buffer Overflow Vulnerability

Solution:
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.

Debian has released an advisory (DSA 424-1) to address this issue. Please see referenced advisory for further details regarding the application of relevant fixes.

Red Hat has released advisory RHSA-2004:034-01 to address this issue.

Mandrake has released an advisory (MDKSA-2004:007) that includes updates for this issue.

RedHat Fedora has released advisory FEDORA-2004-058 to address this issue.

SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.

SCO Openlinux advisory CSSA-2004-014.0 advisory has been released dealing with this issue.

Gentoo has released advisory GLSA 200403-09 to address this issue. To
update the system, enter the following commands:
# emerge sync

# emerge -pv ">=app-misc/mc-4.6.0-r5"
# emerge ">=app-misc/mc-4.6.0-r5"

Conectiva has released advisory CLA-2004:833 and fixes to address this issue.

OpenPKG has released advisory OpenPKG-SA-2004.009 to address this issue.

Red Hat Fedora Legacy has released advisory FLSA:1224 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.

Fixes:


SGI ProPack 2.3

SGI ProPack 2.4

Midnight Commander Midnight Commander 4.5.51

Midnight Commander Midnight Commander 4.5.55

Midnight Commander Midnight Commander 4.6


 

Privacy Statement
Copyright 2010, SecurityFocus