Fedora Test Update Notification: mc

Jesse Keating jkeating at j2solutions.net
Thu Jun 17 03:45:19 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1548
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1548
2004-06-16
- ---------------------------------------------------------------------
 
Name        : mc
Version 7.3 : 4.5.55-7.legacy
Summary     : A user-friendly file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2004-0226:
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow 
attackers to cause a denial of service or execute arbitrary code.
 
CAN-2004-0231:
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with 
unknown impact, related to "Insecure temporary file and directory 
creations."
 
CAN-2004-0232:
Multiple format string vulnerabilities in Midnight Commander (mc) before 
4.6.0 may allow attackers to cause a denial of service or execute 
arbitrary code.
- ---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Sun May 02 2004 Jonny Strom <jonny.strom at netikka.fi>
 
- - Fix buffer overflows CAN-2004-0226, a format string vulnerability
- - CAN-2004-0232 and some insecure temporary file creations CAN-2004-0231.
- - Based on the woody patch.
 
* Sun Jan 25 2004 Michael Schwendt <mschwendt[AT]users.sf.net>
 
- - Fix up missing build requirements.
- - Move PAM dependency to disabled mcserv package.
 
* Sun Jan 18 2004 Jesse Keating <jkeating at j2solutions.net>
 
- - Version change to -6.legacy
- - Changed patch file to be named for the CVE
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
cb94798809ae1c21c884591e1f3d0cab933edada  
7.3/updates-testing/SRPMS/mc-4.5.55-7.legacy.src.rpm
e5a3355aa808fb41e9d914eb2efb4b737723d157  
7.3/updates-testing/i386/mc-4.5.55-7.legacy.i386.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA0RPP4v2HLvE71NURAt/kAJ9YMVh6anMJC+F6BCPR4Uf7/tpqFACgoxEg
NMF+wspkz8ezUI0lQ9nN0Mk=
=hkkj
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list