|
Coreutils LS Width Argument Integer Overflow Vulnerability
Solution: This issue is reported to have been fixed in coreutils fileutils CVS tree. Sun has released fixes to address this issue in Sun Cobalt Qube 3 and Cobalt RaQ XTR products. The fixes are linked below. Sun has released a fix to address this issue in Sun Cobalt RaQ4. The fix is linked below. Turbolinux have released an advisory (TLSA-2003-60) to address this issue. Users who are potentially affected by this vulnerability are advised to apply relative fixes as soon as possible. Further information regarding obtaining and applying these fixes can be found in the referenced advisory. Red Hat has released an advisory (RHSA-2003:310-10) that addresses this issue on Red Hat Enterprise edition Linux. Customers who are potentially affected by this vulnerability are advised to apply appropriate fixes as soon as possible. Customers can download these fixes from the Red Hat network; further information is available in the referenced advisory. Conectiva has released an advisory (CLA-2003:768) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible. Conectiva has released a follow up to advisory (CLA-2003:768). The new advisory (CLA-2003:771) concerns the anonftp package that contains a copy of the vulnerable ls program. Affected users are advised to apply these fixes as soon as possible. Immunix has released an advisory (IMNX-2003-7+-026-01) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible. Red Hat has released a security advisory (RHSA-2003:309-01) containing fixes. Mandrake has released an advisory (MDKSA-2003:106) that includes updates to address the issue. Please see the attached advisory for details on obtaining and applying fixes. An advisory has been released for Trustix Secure Linux (TSLSA-2003-0042) that includes updates for this issue. Please see the attached advisory for details on obtaining and applying updates. SGI has released an advisory (20031101-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10032) containing updated RPM packages relating to a number of different BIDS. Patch 10032 can be obtained via the following link: http://support.sgi.com/ For information regarding how to obtain individual RPM packages included in Patch 10032, please see the attached advisory. Sun has released fixes for Sun Linux. SCO has released fixes for OpenLinux 3.1.1 Server and Workstation. Debian has released advisory DSA 705-1 along with fixes dealing with this issue for their wu-ftp packages. Please see the referenced advisory for more information. Avaya has released advisory ASA-2005-213 to indicate that Avaya CVLAN and Integrated Management products are vulnerable to this issue. Customers are advised to apply patches supplied by vendors of the underlying operating systems. Please see the referenced advisory for more information. Sun Cobalt RaQ 4
Sun Cobalt RaQ XTR
Sun Cobalt Qube 3
Washington University wu-ftpd 2.6.1
Washington University wu-ftpd 2.6.2
GNU fileutils 4.0.33
GNU fileutils 4.0.36
GNU fileutils 4.1
GNU fileutils 4.1.1
GNU fileutils 4.1.11
GNU fileutils 4.1.5
GNU fileutils 4.1.9
GNU Coreutils 4.5.3
GNU Coreutils 4.5.7
GNU Coreutils 5.0
|
|
 Privacy Statement |
