Packages were updates to add missing groff and gnome-libs dependencies. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-152889 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152889 2005-07-28 --------------------------------------------------------------------- Name : mc Versions : rh73: mc-4.5.55-12.legacy Versions : rh9: mc-4.6.0-18.3.fc0.9.legacy Versions : fc1: mc-4.6.0-18.3.fc1.0.legacy Versions : fc2: mc-4.6.1-0.13.FC2.1.legacy Summary : A user-friendly file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Updated mc packages that fix several security issues are now available. Midnight Commander is a visual shell much like a file manager. Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues. Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue. Several format string bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1004 to this issue. Several buffer overflow bugs were found in Midnight Commander. If a user is tricked by an attacker into opening a specially crafted file or path with mc, it may be possible to execute arbitrary code as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1005 to this issue. Several denial of service bugs were found in Midnight Commander. These bugs could cause Midnight Commander to hang or crash if a victim opens a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093 and CAN-2004-1174 to these issues. A filename quoting bug was found in Midnight Commander's FISH protocol handler. If a victim connects via embedded SSH support to a host containing a carefully crafted filename, arbitrary code may be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1175 to this issue. A buffer underflow bug was found in Midnight Commander. If a malicious local user is able to modify the extfs.ini file, it could be possible to execute arbitrary code as a user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1176 to this issue. A buffer overflow bug was found in the way Midnight Commander handles directory completion. If a victim uses completion on a maliciously crafted directory path, it is possible for arbitrary code to be executed as the user running Midnight Commander. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0763 to this issue. Users of mc are advised to upgrade to these packages, which contain backported security patches to correct these issues. --------------------------------------------------------------------- Changelogs rh73: * Sun Apr 17 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-11.legacy - Missed the removal of a strcat in gtkedit/syntax.c open_include_file() in CAN-2004-0226 causing crash in mcedit. Cleaned up syntax.c a bit more in accordance with the Debian patch and CVS (redundant -1s in strncpy()s) * Wed Apr 13 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-10.legacy - Add patch for CAN-2005-0763 * Fri Apr 08 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-9.legacy - Use CAN-2004-0226 patch from RHEL 2.1 as it is more complete than the Debian patch. - Split original CAN-2004-0226 patch in 6 parts: CAN-2004-0226 (buffer overflows), CAN-2004-0231 (temp file fixes), CAN-2004-0232 (format string vulnerabilities), CAN-2004-0494 (vfs quoting fixes), ftpfs, and fish. - Add one modified hunk from Debian to src/complete.c (CAN-2004-0226) - Don't use CAN-2004-0494 parts from RHEL 2.1 CAN-2004-0226 patch as the current patch is more complete. - Rename mc-4.5.55-extfs.patch to mc-4.5.55-CAN-2004-0494.patch. - Removed some redundant hunks and fixed a few in CAN-2004-0494 patch. - Add missing hunk for lib/cedit.menu to CAN-2004-0231 patch. - One cpio.c hunk removed from CAN-2004-1005 patch (already in -0226) * Mon Feb 14 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-8.legacy - Really apply remainder of CAN-2004-0226 patch * Wed Feb 09 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-7.legacy - Fixed extfs for quoting and some temp file issues (CAN-2004-0494). - Removed mc-cvs-uzip as it is no longer needed with above fixes. - trpm and zip fixes are unneeded but left in as the patch was made against a tree that has them applied. - Added fixes for CAN-2004-0226, CAN-2004-1004, CAN-2004-1005, CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 & CAN-2004-1176. rh9: * Sat Feb 12 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc0.9.legacy - rebuild SRPM for RH9. (FL bugzilla #2009, 2405). * Fri Feb 11 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc1.0.legacy - Add mc-4.6.0-multi-CVE.patch which completes the fixes for CAN-2004-1004, CAN-2004-1005, and CAN-2004-1176. Source of these patches are from Debian, (DSA-639) and ultimately from the mc CVS tree. - FL Bugzilla #2405. * Sun Feb 06 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.1.fc1.0.legacy - Per Leonard den Ottolander, get rid of mc-cvs-uzip. Required removing a hunk from mc-4.6.0-jumbo.patch, now renamed mc-4.6.0-jumbo-b.patch. - Use revised quoted-security2 patch, less drastic changes to uzip.in in extfs directory for vulnerability CAN-2004-0494. FL bugzilla #2009. * Fri Jan 28 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.0.fc1.0.legacy - Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match scripts in upstream's cvs. This takes care of fixes missed in Fedora update FEDORA-2004-272. - Fedora Legacy bugzilla # 2009. fc1: * Fri Feb 11 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.2.fc1.0.legacy - Add mc-4.6.0-multi-CVE.patch which completes the fixes for CAN-2004-1004, CAN-2004-1005, and CAN-2004-1176. Source of these patches are from Debian, (DSA-639) and ultimately from the mc CVS tree. - FL Bugzilla #2405. * Sun Feb 06 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.1.fc1.0.legacy - Per Leonard den Ottolander, get rid of mc-cvs-uzip. Required removing a hunk from mc-4.6.0-jumbo.patch, now renamed mc-4.6.0-jumbo-b.patch. - Use revised quoted-security2 patch, less drastic changes to uzip.in in extfs directory for vulnerability CAN-2004-0494. FL bugzilla #2009. * Fri Jan 28 2005 David Eisenstein <deisenst@xxxxxxx> 1:4.6.0-18.0.fc1.0.legacy - Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match scripts in upstream's cvs. This takes care of fixes missed in Fedora update FEDORA-2004-272. - Fedora Legacy bugzilla # 2009. fc2: * Tue Jul 12 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.6.1-0.13.FC2.legacy - Rebuilt as a Fedora Legacy update * Fri Mar 04 2005 Jindrich Novy <jnovy@xxxxxxxxxx> 4.6.1-0.13.FC2 - backport FC3 update to FC2 to fix security issues: (#148865) - CAN-2004-1004 (string vulnerabilities) - CAN-2004-1005 (buffer overflows) - CAN-2004-1176 (buffer underflow) - introduce mc-4.6.1-pre3 to FC2 users --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 7dd653902f620c9ab66fc187c92e1e8c70af4b6f redhat/7.3/updates-testing/i386/mc-4.5.55-12.legacy.i386.rpm 94c75a0b0dcb60dd1df86b247af305b876d9a1e8 redhat/7.3/updates-testing/SRPMS/mc-4.5.55-12.legacy.src.rpm rh9: 82c7263b65d3959003c6043131dad7248fa7c40e redhat/9/updates-testing/i386/mc-4.6.0-18.3.fc0.9.legacy.i386.rpm df1385e379c96a306acfd106533cc2195b4ea39a redhat/9/updates-testing/SRPMS/mc-4.6.0-18.3.fc0.9.legacy.src.rpm fc1: 14ba4a2f6f2096786ffc543f5e084ad1d69b3f1b fedora/1/updates-testing/i386/mc-4.6.0-18.3.fc1.0.legacy.i386.rpm c17b32b79eba441aaf458036ac7dfa08d77c4bb7 fedora/1/updates-testing/SRPMS/mc-4.6.0-18.3.fc1.0.legacy.src.rpm fc2: a8270921b5ded8b829c7fda54d7bac77145df129 fedora/2/updates-testing/i386/mc-4.6.1-0.13.FC2.1.legacy.i386.rpm 30c732c47fb2c97743b492b0c41d8cfc4ff28b96 fedora/2/updates-testing/SRPMS/mc-4.6.1-0.13.FC2.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
