---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152889
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152889
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148865
2005-07-12
---------------------------------------------------------------------

Name        : mc
Versions    : rh73: mc-4.5.55-11.legacy
Versions    : rh9: mc-4.6.0-18.2.fc0.9.legacy
Versions    : fc1: mc-4.6.0-18.2.fc1.0.legacy
Versions    : fc2: mc-4.6.1-0.13.FC2.legacy
Summary     : A user-friendly file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

Updated mc packages that fix several security issues are now available.

Midnight Commander is a visual shell much like a file manager.

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander. These vulnerabilities were discovered
mostly by Andrew V. Samoilov and Pavel Roskin. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues.

Shell escape bugs have been discovered in several of the mc vfs backend
scripts. An attacker who is able to influence a victim to open a
specially-crafted URI using mc could execute arbitrary commands as the
victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0494 to this issue.

Several format string bugs were found in Midnight Commander.
If a user is tricked by an attacker into opening a specially crafted
path with mc, it may be possible to execute arbitrary code as the user
running Midnight Commander. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1004 to this
issue.

Several buffer overflow bugs were found in Midnight Commander. If a
user is tricked by an attacker into opening a specially crafted file or
path with mc, it may be possible to execute arbitrary code as the user
running Midnight Commander. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1005 to this
issue.

Several denial of service bugs were found in Midnight Commander. These
bugs could cause Midnight Commander to hang or crash if a victim opens
a carefully crafted file. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the names CAN-2004-1009,
CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093 and
CAN-2004-1174 to these issues.

A filename quoting bug was found in Midnight Commander's FISH protocol
handler. If a victim connects via embedded SSH support to a host
containing a carefully crafted filename, arbitrary code may be executed
as the user running Midnight Commander. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1175
to this issue.

A buffer underflow bug was found in Midnight Commander. If a malicious
local user is able to modify the extfs.ini file, it could be possible
to execute arbitrary code as a user running Midnight Commander. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1176 to this issue.

A buffer overflow bug was found in the way Midnight Commander handles
directory completion. If a victim uses completion on a maliciously
crafted directory path, it is possible for arbitrary code to be
executed as the user running Midnight Commander.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0763 to this issue.

Users of mc are advised to upgrade to these packages, which contain
backported security patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Apr 17 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-11.legacy
- Missed the removal of a strcat in gtkedit/syntax.c
  open_include_file() in CAN-2004-0226 causing crash in mcedit.
  Cleaned up syntax.c a bit more in accordance with the Debian patch
  and CVS (redundant -1s in strncpy()s)

* Wed Apr 13 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-10.legacy
- Add patch for CAN-2005-0763

* Fri Apr 08 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-9.legacy
- Use CAN-2004-0226 patch from RHEL 2.1 as it is more complete than
  the Debian patch.
- Split original CAN-2004-0226 patch in 6 parts: CAN-2004-0226 (buffer
  overflows), CAN-2004-0231 (temp file fixes), CAN-2004-0232 (format
  string vulnerabilities), CAN-2004-0494 (vfs quoting fixes), ftpfs,
  and fish.
- Add one modified hunk from Debian to src/complete.c (CAN-2004-0226)
- Don't use CAN-2004-0494 parts from RHEL 2.1 CAN-2004-0226 patch as
  the current patch is more complete.
- Rename mc-4.5.55-extfs.patch to mc-4.5.55-CAN-2004-0494.patch.
- Removed some redundant hunks and fixed a few in CAN-2004-0494 patch.
- Add missing hunk for lib/cedit.menu to CAN-2004-0231 patch.
- One cpio.c hunk removed from CAN-2004-1005 patch (already in -0226)

* Mon Feb 14 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-8.legacy
- Really apply remainder of CAN-2004-0226 patch

* Wed Feb 09 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-7.legacy
- Fixed extfs for quoting and some temp file issues (CAN-2004-0494).
- Removed mc-cvs-uzip as it is no longer needed with above fixes.
- trpm and zip fixes are unneeded but left in as the patch was made
  against a tree that has them applied.
- Added fixes for CAN-2004-0226, CAN-2004-1004, CAN-2004-1005,
  CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092,
  CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 & CAN-2004-1176.

rh9:
* Sat Feb 12 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc0.9.legacy
- rebuild SRPM for RH9. (FL bugzilla #2009, 2405).

* Fri Feb 11 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc1.0.legacy
- Add mc-4.6.0-multi-CVE.patch which completes the fixes for
  CAN-2004-1004, CAN-2004-1005, and CAN-2004-1176. Source of these
  patches are from Debian, (DSA-639) and ultimately from the mc CVS
  tree.
- FL Bugzilla #2405.

* Sun Feb 06 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.1.fc1.0.legacy
- Per Leonard den Ottolander, get rid of mc-cvs-uzip. Required
  removing a hunk from mc-4.6.0-jumbo.patch, now renamed
  mc-4.6.0-jumbo-b.patch.
- Use revised quoted-security2 patch, less drastic changes to uzip.in
  in extfs directory for vulnerability CAN-2004-0494. FL bugzilla
  #2009.

* Fri Jan 28 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.0.fc1.0.legacy
- Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match
  scripts in upstream's cvs. This takes care of fixes missed in Fedora
  update FEDORA-2004-272.
- Fedora Legacy bugzilla # 2009.

fc1:
* Fri Feb 11 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc1.0.legacy
- Add mc-4.6.0-multi-CVE.patch which completes the fixes for
  CAN-2004-1004, CAN-2004-1005, and CAN-2004-1176. Source of these
  patches are from Debian, (DSA-639) and ultimately from the mc CVS
  tree.
- FL Bugzilla #2405.

* Sun Feb 06 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.1.fc1.0.legacy
- Per Leonard den Ottolander, get rid of mc-cvs-uzip. Required
  removing a hunk from mc-4.6.0-jumbo.patch, now renamed
  mc-4.6.0-jumbo-b.patch.
- Use revised quoted-security2 patch, less drastic changes to uzip.in
  in extfs directory for vulnerability CAN-2004-0494. FL bugzilla
  #2009.

* Fri Jan 28 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.0.fc1.0.legacy
- Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match
  scripts in upstream's cvs. This takes care of fixes missed in Fedora
  update FEDORA-2004-272.
- Fedora Legacy bugzilla # 2009.

fc2:
* Tue Jul 12 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.6.1-0.13.FC2.legacy
- Rebuilt as a Fedora Legacy update

* Fri Mar 04 2005 Jindrich Novy <jnovy@xxxxxxxxxx> 4.6.1-0.13.FC2
- backport FC3 update to FC2 to fix security issues: (#148865)
  - CAN-2004-1004 (string vulnerabilities)
  - CAN-2004-1005 (buffer overflows)
  - CAN-2004-1176 (buffer underflow)
- introduce mc-4.6.1-pre3 to FC2 users

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
3b7cdb46f5ea6bea6b3f157960e8b8d2df6f606c redhat/7.3/updates-testing/i386/mc-4.5.55-11.legacy.i386.rpm
0f7524e6546c64fdd6dc25fbacb61007afbda3bf redhat/7.3/updates-testing/SRPMS/mc-4.5.55-11.legacy.src.rpm

rh9:
1ff0fb79aab253a3c7fe4a6324dc2402c6b8f437 redhat/9/updates-testing/i386/mc-4.6.0-18.2.fc0.9.legacy.i386.rpm
331bcec08ee0a3bf47b6b5651ce2a27816f8ec30 redhat/9/updates-testing/SRPMS/mc-4.6.0-18.2.fc0.9.legacy.src.rpm

fc1:
f5959c3196abe94223f9d43b4b78f78c88c98554 fedora/1/updates-testing/i386/mc-4.6.0-18.2.fc1.0.legacy.i386.rpm
529796f562e9e49739170ad86bc427a45a5d2f05 fedora/1/updates-testing/SRPMS/mc-4.6.0-18.2.fc1.0.legacy.src.rpm

fc2:
67695b66e6d9019c0a612cd5698d3101d6de60a2 fedora/2/updates-testing/i386/mc-4.6.1-0.13.FC2.legacy.i386.rpm
9180550f9122594f36a813c6362b9e0bc12db89d fedora/2/updates-testing/SRPMS/mc-4.6.1-0.13.FC2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
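
Added example, not part of the original advisory: a POSIX shell helper that checks downloaded packages against the (sha1sums) lines above once they have been saved to a text file. The function names and the manifest file are assumptions made here, and the files used by demo are constructed stand-ins, not real packages.

```shell
#!/bin/sh
# Added example: check downloaded packages against "<sha1> <path>" lines
# saved from an advisory. Function names and file names are hypothetical.

sha1_of() {  # print the SHA-1 of file $1 with whichever tool is installed
    if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"
    else shasum -a 1 "$1"; fi | awk '{print $1}'
}

# verify_rpm MANIFEST FILE -> 0 match, 1 mismatch, 2 unlisted or unreadable
verify_rpm() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    name=$(basename -- "$2")
    # Use the entry whose path ends in this file name; skip non-hash lines.
    expected=$(awk -v n="$name" '
        length($1) == 40 && $1 ~ /^[0-9a-fA-F]+$/ {
            k = split($2, part, "/")
            if (part[k] == n) { print tolower($1); exit }
        }' "$1")
    [ -n "$expected" ] || return 2
    actual=$(sha1_of "$2") || return 2
    [ "$actual" = "$expected" ] || return 1
}

# verify_all MANIFEST FILE... -> non-zero if any file fails
verify_all() {
    manifest=$1; shift; rc=0
    for f in "$@"; do
        verify_rpm "$manifest" "$f" && st=0 || st=$?
        case $st in
            0) echo "OK          $f" ;;
            1) echo "MISMATCH    $f"; rc=1 ;;
            *) echo "UNVERIFIED  $f"; rc=1 ;;
        esac
    done
    return "$rc"
}

# demo: constructed stand-in files (not real packages) in a temp directory
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed package body\n' > "$d/mc-good.rpm"
    printf 'tampered body\n' > "$d/mc-bad.rpm"
    { echo "$(sha1_of "$d/mc-good.rpm") demo/i386/mc-good.rpm"
      echo "$(printf '%040d' 0) demo/i386/mc-bad.rpm"; } > "$d/manifest.txt"
    verify_all "$d/manifest.txt" "$d"/mc-*.rpm && st=0 || st=$?
    rm -rf "$d"; return "$st"
}

if [ "$#" -ge 2 ]; then verify_all "$@"; fi
```

A checksum match only shows that a file is the one the advisory lists, so the result is as trustworthy as the copy of the advisory the manifest was taken from.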