Package : slocate
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0056
A problem has been discovered in slocate, a secure locate replacement.
A buffer overflow in the setuid program slocate can be used to execute
arbitrary code as superuser.
For the stable distribution (woody) this problem has been
fixed in version 2.6-1.3.1.
The old stable distribution (potato) is not affected by this problem.
For the unstable distribution (sid) this problem has been fixed in
version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
These files will probably be moved into the stable distribution on
its next revision.
- ------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Hash: SHA1
- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 252-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
February 21st, 2003 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
--
Package : slocate
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE Id : CAN-2003-0056
A problem has been discovered in slocate, a secure locate replacement.
A buffer overflow in the setuid program slocate can be used to execute
arbitrary code as superuser.
For the stable distribution (woody) this problem has been
fixed in version 2.6-1.3.1.
The old stable distribution (potato) is not affected by this problem.
For the unstable distribution (sid) this problem has been fixed in
version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
.dsc
Size/MD5 checksum: 550 9ade1dcc6d5185c9acddd8b487d5d28b
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
.diff.gz
Size/MD5 checksum: 7058 a7ac6632dc02e1e26ad9f5cb462cced7
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6.orig.
tar.gz
Size/MD5 checksum: 69213 08b1902323d686130a6daaca1fac61fc
Alpha architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_alpha.deb
Size/MD5 checksum: 28100 44eccd6ca90b61996b50eb396456f798
ARM architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_arm.deb
Size/MD5 checksum: 25290 52d54dacf94f35519fbfb8d5a2ebd8a9
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_i386.deb
Size/MD5 checksum: 24788 9c9121191ee8ce7321bda76b3bb0c8fa
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_ia64.deb
Size/MD5 checksum: 31100 039ee8d8218e953d51a3514d9318f2d6
HP Precision architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_hppa.deb
Size/MD5 checksum: 26822 0ad73800a4c0c19518cad0aa3768f1c6
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_m68k.deb
Size/MD5 checksum: 24338 2eb37c351a989dd14d9ad84fe6f3176b
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_mips.deb
Size/MD5 checksum: 25656 85426c291c393fec878012afdcf85aaf
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_mipsel.deb
Size/MD5 checksum: 25592 fabe9486658781a7584a583e07370442
PowerPC architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_powerpc.deb
Size/MD5 checksum: 25658 08a2aa276b88ed5335c2e0ff8650c696
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_s390.deb
Size/MD5 checksum: 25710 956dbf8e147bd1f31ffa3fa43c3e31d4
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1
_sparc.deb
Size/MD5 checksum: 27604 10aa9aff27a87f88d78b57b33ae5b2d5
These files will probably be moved into the stable distribution on
its next revision.
- ------------------------------------------------------------------------
---------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+VjcoW5ql+IAeqTIRAtYEAJ0eJUFnd8j9SNkoYcdXuOmAYHm0+QCgmLcx
sZxf1OclKYi5BrCozhwCYfE=
=yK7h
-----END PGP SIGNATURE-----
[ reply ]