89547 2003-02-03  17:06  /43 rader/ Daniel Ahlberg <aliz@gentoo.org>
Importerad: 2003-02-03  17:06  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <3330>
Ärende: GLSA:  slocate
------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-02
- - --------------------------------------------------------------------

PACKAGE : slocate
SUMMARY : buffer overflow
DATE    : 2003-02-02 13:36 UTC
EXPLOIT : local

- - --------------------------------------------------------------------

- From advisory: 

"The overflow appears when the slocate is  runned with two parameters: 
- -c and -r, using as arguments a 1024 (or 10240, as Knight420 has 
informed us earlier) bytes string."
 
Read the full advisory at 
http://www.usg.org.uk/advisories/2003.001.txt
 
SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-apps/slocate upgrade to slocate-2.7 as follows:

emerge sync
emerge -u slocate
emerge clean

- - --------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
- - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+PR7NfT7nyhUpoZMRApEYAJ4uD5qRerI0di1uC0UOIrmMsFaIngCgk2JI
XW5zgRH8d560fe7weHDCPrw=
=H1YI
-----END PGP SIGNATURE-----
(89547) /Daniel Ahlberg <aliz@gentoo.org>/----------