-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2004-6
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date : 17 Feb 2004
 Last revised           : 17 Feb 2004

 Package : slocate

 Summary : Buffer overflows

 More information :
   Secure locate provides a secure way to index and quickly search for
   files on your system. It uses incremental encoding just like GNU locate
   to compress its database to make searching faster, but it will also
   check file permissions and ownership so that users will not see files
   they do not have access to.
   Two buffer overflow vulnerabilities were found in slocate.

 Impact :
   A local user could exploit this vulnerability to gain "slocate" group
   privileges.

 Affected Products :
   - Turbolinux 10 Desktop
   - Turbolinux 8 Server
   - Turbolinux 8 Workstation
   - Turbolinux 7 Server
   - Turbolinux 7 Workstation
   - Turbolinux Server 6.5
   - Turbolinux Advanced Server 6
   - Turbolinux Server 6.1
   - Turbolinux Workstation 6.0

 Solution :
   Please use the turbopkg (zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 [Turbolinux 10 Desktop]
 # zabom -u slocate
 [other]
 # zabom update slocate
 ---------------------------------------------

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 e126532cd95f430b75ef9b04da08e1c5

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/slocate-2.7-5.i586.rpm
       30381 dc2fe594e00285a09b8de6d9247deaf3

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 fd997c9ab22802b57eca2ce171748d80

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/slocate-2.7-5.i586.rpm
       29028 f67d0d6113713d0c4fcbcf98107babee

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 5ad273932f01f0de097b0b9caf62f5cc

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/slocate-2.7-5.i586.rpm
       29055 47b5443d9d5a9059bb424706e4b3c46a

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 87470ca4e766aba933e9638acb4ba742

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/slocate-2.7-5.i586.rpm
       28904 d5bf696e27b7b68f96c67b4ee4135344

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 28c4443bb23fb9d1e2930bec6c55058e

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/slocate-2.7-5.i586.rpm
       28942 6ceff35e5d808ac242c0f5b907f6b001

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 9073b8497b81eb1396e9fad38ef5add1

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/slocate-2.7-5.i386.rpm
       29210 56c43ac5fbf67f5c17548cb6be90bf5b

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 02de83e6a9e6c770aaf4c68f90c8be9a

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/slocate-2.7-5.i386.rpm
       29191 0f4a52b45709c1e4cfbb9e062d44b350

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 1dc6e08db5f99b279ae38f4832946815

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/slocate-2.7-5.i386.rpm
       29215 47b69730a5f477632575f96003155668

 Source Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/slocate-2.7-5.src.rpm
       97678 399d968b83e3e0d43c9da9f722ad6584

 Binary Packages
 Size : MD5
   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/slocate-2.7-5.i386.rpm
       29189 79065665a65fd348f6c6341e8f3fa705

 References :

 CVE
   [CAN-2003-0056]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056
   [CAN-2003-0848]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0848

--------------------------------------------------------------------------
 Revision History
   17 Feb 2004 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2004 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAMZc7K0LzjOqIJMwRAr/VAKCuo6nFHsRolUcCWBWrVHvnv4cqKQCeKw7c
CyXJh+BvtQw2FXce0CK+u0o=
=RW9O
-----END PGP SIGNATURE-----