MandrivaUsers.org > Security Advisory (MDKSA-2004:039): mc

Full Version: Security Advisory (MDKSA-2004:039): mc

MandrivaUsers.org > Announcements > Mandriva Security Advisories

aru

Apr 30 2004, 12:13 AM

MandrakeSoft Security Advisory MDKSA-2004:039 : mc

April 29th, 2004
Updated mc packages fix vulnerabilities

Several vulnerabilities in Midnight Commander were found by Jacub Jelinek. This includes several buffer overflows (CAN-2004-0226), as well as a format string issue (CAN-2004-0232), and an issue with temporary file and directory creation (CAN-2004-0231). Most of the included fixes are backports from CVS, done by Andrew V. Samoilov and Pavel Roskin.

The updated packages are patched to correct these problems.

The released versions of Mandrake GNU/Linux affected are:

9.1
9.2
9.2/AMD64
Corporate Server 2.1
10.0

Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:039

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0232

Posted automatically by aru (mdksec2mub v0.0.8)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.