[Bug 1485] New: Multiple vulnerabilities in mc will be solved by upgrade to 4.6.1

blfs-bugs at linuxfromscratch.org
Fri Jul 29 12:12:16 PDT 2005


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1485

           Summary: Multiple vulnerabilities in mc will be solved by upgrade
                    to 4.6.1
           Product: Beyond LinuxFromScratch
           Version: 6.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: ken at kenmoffat.uklinux.net
         QAContact: blfs-book at linuxfromscratch.org


Sorry to add this so late, but upgrading the book to mc-4.6.1 will fix the
following vulnerabilities present in 4.6.0:
CAN-2004-0226, CAN-2004-0231, CAN-2004-0232, CAN-2003-1023

Of these, CAN-2003-1023 is a remote attack during symlink conversion, and
CAN-2004-0226 is multiple buffer overflows leading to DoS.

and appears to fix the following (that is, a Gentoo patch to fix these is all
either already applied or doesn't apply because they've been fixed in other ways):
CAN-2004-1004, CAN-2004-1005, CAN-2004-1092, CAN-2004-1076 (the usual overflows,
underflows, format string, and DoS by freeing unallocated memory).


