[SECURITY] Fedora Core 1 Test Update: mc-4.6.0-14.10

Jakub Jelinek jakub at redhat.com
Thu Apr 29 17:05:01 UTC 2004


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-112
2004-04-29
---------------------------------------------------------------------

Name        : mc
Version     : 4.6.0
Release     : 14.10
Summary     : User-friendly text console file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander.  These vulnerabilities were
discovered mostly by Andrew V. Samoilov and Pavel Roskin.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these
issues.

---------------------------------------------------------------------
* Fri Apr 16 2004 Jakub Jelinek <jakub at redhat.com> 4.6.0-14.10

- don't use mmap if st_size doesn't fit into size_t
- fix one missed match_normal -> match_regex
- rebuilt for FC1 updates

* Fri Apr 16 2004 Jakub Jelinek <jakub at redhat.com> 4.6.0-14

- avoid buffer overflows in mcedit Replace function

* Wed Apr 14 2004 Jakub Jelinek <jakub at redhat.com> 4.6.0-13

- perl scripting fix

* Wed Apr 14 2004 Jakub Jelinek <jakub at redhat.com> 4.6.0-12

- fix a bug in complete.c introduced by last patch
- export MC_TMPDIR env variable
- avoid integer overflows in free diskspace % counting
- put temporary files into $MC_TMPDIR tree if possible,
  use mktemp/mkdtemp

* Mon Apr 05 2004 Jakub Jelinek <jakub at redhat.com> 4.6.0-11

- fix a bunch of buffer overflows and memory leaks (CAN-2004-0226)
- fix hardlink handling in cpio filesystem
- fix handling of filenames with single/double quotes and backslashes
  in /usr/share/mc/extfs/rpm
- update php.syntax file (#112645)
- fix crash with large syntax file (#112644)
- update CAN-2003-1023 fix to still make vfs symlinks relative,
  but with bounds checking

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/

40b57542bc8ceb1199acb99f26d7d6a7  SRPMS/mc-4.6.0-14.10.src.rpm
b44e8b4d49e7cebfac5de2844e811f4a  i386/mc-4.6.0-14.10.i386.rpm
9fa72b80b83c5d2dffd9fc1c371825e5  i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm
f24c023a96ec4b5f4c618c7365564fbc  x86_64/mc-4.6.0-14.10.x86_64.rpm
c114fe0a452b5585ac8bcf0a62b43b40  x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may
need to edit your up2date channels configuration.  Within
/etc/sysconfig/rhn/sources enable the following line:
  yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1
---------------------------------------------------------------------
