All fixed, I don't have a specific patch, other changes were incorporated into this version (2.7). ftp://ftp.geekreview.com/slocate/src/slocate-2.7.tar.gz Let me know if anything funky happens. Kevin- On Fri, Jan 24, 2003 at 07:27:27AM -0800, inkubus@hushmail.com wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > __________________________________________________ > > USG Security Advisory > http://www.usg.org.uk/advisories/2003.001.txt > inkubus@hushmail.com > USG- SA- 2003.001 24- Jan- 2003 > __________________________________________________ > > Package: slocate > Vulnerability: local buffer overflow > Type: local > Risk: high, users can gain high privileges in the system. > System tested: RedHat Linux 7.3 (Valhalla) with slocate-2.6-1 from RPM > Credits: Knight420, Team TESO, Michal Zalewski, Aleph1, dvdman > --------------------------------------------------- Kevin Lindsay Debian Developer Fingerprint: 81E 58A3 B49A 580E EE3D 8CF0 519A 55F0 746C 51F4 Key Id: 746C51F4
Attachment:
pgp00284.pgp
Description: PGP signature