[UPDATED] Fedora Legacy Test Update Notification: mc

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Jul 29 03:09:29 UTC 2005


Packages were updated to add missing groff and gnome-libs
dependencies.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-152889
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152889
2005-07-28
---------------------------------------------------------------------

Name        : mc
Versions    : rh73: mc-4.5.55-12.legacy
Versions    : rh9: mc-4.6.0-18.3.fc0.9.legacy
Versions    : fc1: mc-4.6.0-18.3.fc1.0.legacy
Versions    : fc2: mc-4.6.1-0.13.FC2.1.legacy
Summary     : A user-friendly file manager and visual shell.
Description :
Midnight Commander is a visual shell much like a file manager, only
with many more features. It is a text mode application, but it also
includes mouse support if you are running GPM. Midnight Commander's
best features are its ability to FTP, view tar and zip files, and to
poke into RPMs for specific files.

---------------------------------------------------------------------
Update Information:

Updated mc packages that fix several security issues are now available.

Midnight Commander is a visual shell much like a file manager.

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander. These vulnerabilities were discovered
mostly by Andrew V. Samoilov and Pavel Roskin. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues.

Shell escape bugs have been discovered in several of the mc vfs backend
scripts. An attacker who is able to influence a victim to open a
specially-crafted URI using mc could execute arbitrary commands as the
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0494 to this issue.

Several format string bugs were found in Midnight Commander. If a user
is tricked by an attacker into opening a specially crafted path with mc,
it may be possible to execute arbitrary code as the user running
Midnight Commander. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1004 to this issue.

Several buffer overflow bugs were found in Midnight Commander. If a user
is tricked by an attacker into opening a specially crafted file or path
with mc, it may be possible to execute arbitrary code as the user
running Midnight Commander. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1005 to this
issue.

Several denial of service bugs were found in Midnight Commander. These
bugs could cause Midnight Commander to hang or crash if a victim opens a
carefully crafted file. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-1009, CAN-2004-1090,
CAN-2004-1091, CAN-2004-1092, CAN-2004-1093 and CAN-2004-1174 to these
issues.

A filename quoting bug was found in Midnight Commander's FISH protocol
handler. If a victim connects via embedded SSH support to a host
containing a carefully crafted filename, arbitrary code may be executed
as the user running Midnight Commander. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1175 to
this issue.

A buffer underflow bug was found in Midnight Commander. If a malicious
local user is able to modify the extfs.ini file, it could be possible to
execute arbitrary code as a user running Midnight Commander. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1176 to this issue.

A buffer overflow bug was found in the way Midnight Commander handles
directory completion. If a victim uses completion on a maliciously
crafted directory path, it is possible for arbitrary code to be executed
as the user running Midnight Commander. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0763 to
this issue.

Users of mc are advised to upgrade to these packages, which contain
backported security patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sun Apr 17 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-11.legacy
- Missed the removal of a strcat in gtkedit/syntax.c open_include_file() in
  CAN-2004-0226 causing crash in mcedit. Cleaned up syntax.c a bit more in
  accordance with the Debian patch and CVS (redundant -1s in strncpy()s)

* Wed Apr 13 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-10.legacy
- Add patch for CAN-2005-0763

* Fri Apr 08 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-9.legacy
- Use CAN-2004-0226 patch from RHEL 2.1 as it is more complete than the
  Debian patch.
- Split original CAN-2004-0226 patch in 6 parts: CAN-2004-0226 (buffer
  overflows), CAN-2004-0231 (temp file fixes), CAN-2004-0232 (format string
  vulnerabilities), CAN-2004-0494 (vfs quoting fixes), ftpfs, and fish.
- Add one modified hunk from Debian to src/complete.c (CAN-2004-0226)
- Don't use CAN-2004-0494 parts from RHEL 2.1 CAN-2004-0226 patch as the
  current patch is more complete.
- Rename mc-4.5.55-extfs.patch to mc-4.5.55-CAN-2004-0494.patch.
- Removed some redundant hunks and fixed a few in CAN-2004-0494 patch.
- Add missing hunk for lib/cedit.menu to CAN-2004-0231 patch.
- One cpio.c hunk removed from CAN-2004-1005 patch (already in -0226)

* Mon Feb 14 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-8.legacy
- Really apply remainder of CAN-2004-0226 patch

* Wed Feb 09 2005 Leonard den Ottolander <leonard * den ottolander nl> 4.5.55-7.legacy
- Fixed extfs for quoting and some temp file issues (CAN-2004-0494).
- Removed mc-cvs-uzip as it is no longer needed with above fixes.
- trpm and zip fixes are unneeded but left in as the patch was made against a
  tree that has them applied.
- Added fixes for CAN-2004-0226, CAN-2004-1004, CAN-2004-1005, CAN-2004-1009,
  CAN-2004-1090, CAN-2004-1091, CAN-2004-1092, CAN-2004-1093, CAN-2004-1174,
  CAN-2004-1175 & CAN-2004-1176.

rh9:
* Sat Feb 12 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.2.fc0.9.legacy
- rebuild SRPM for RH9. (FL bugzilla #2009, 2405).

* Fri Feb 11 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.2.fc1.0.legacy
- Add mc-4.6.0-multi-CVE.patch which completes the fixes for CAN-2004-1004,
  CAN-2004-1005, and CAN-2004-1176.  Source of these patches are from Debian,
  (DSA-639) and ultimately from the mc CVS tree.
- FL Bugzilla #2405.

* Sun Feb 06 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.1.fc1.0.legacy
- Per Leonard den Ottolander, get rid of mc-cvs-uzip.  Required removing a
  hunk from mc-4.6.0-jumbo.patch, now renamed mc-4.6.0-jumbo-b.patch.
- Use revised quoted-security2 patch, less drastic changes to uzip.in in
  extfs directory for vulnerability CAN-2004-0494.  FL bugzilla #2009.

* Fri Jan 28 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.0.fc1.0.legacy
- Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match
  scripts in upstream's cvs.  This takes care of fixes missed in Fedora
  update FEDORA-2004-272.
- Fedora Legacy bugzilla # 2009.

fc1:
* Fri Feb 11 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.2.fc1.0.legacy
- Add mc-4.6.0-multi-CVE.patch which completes the fixes for CAN-2004-1004,
  CAN-2004-1005, and CAN-2004-1176.  Source of these patches are from Debian,
  (DSA-639) and ultimately from the mc CVS tree.
- FL Bugzilla #2405.

* Sun Feb 06 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.1.fc1.0.legacy
- Per Leonard den Ottolander, get rid of mc-cvs-uzip.  Required removing a
  hunk from mc-4.6.0-jumbo.patch, now renamed mc-4.6.0-jumbo-b.patch.
- Use revised quoted-security2 patch, less drastic changes to uzip.in in
  extfs directory for vulnerability CAN-2004-0494.  FL bugzilla #2009.

* Fri Jan 28 2005 David Eisenstein <deisenst at gtw.net> 1:4.6.0-18.0.fc1.0.legacy
- Update extfs shell quoting fixes in scripts (CAN-2004-0494) to match
  scripts in upstream's cvs.  This takes care of fixes missed in Fedora
  update FEDORA-2004-272.
- Fedora Legacy bugzilla # 2009.

fc2:
* Tue Jul 12 2005 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.6.1-0.13.FC2.legacy
- Rebuilt as a Fedora Legacy update

* Fri Mar 04 2005 Jindrich Novy <jnovy at redhat.com> 4.6.1-0.13.FC2
- backport FC3 update to FC2 to fix security issues: (#148865)
  - CAN-2004-1004 (string vulnerabilities)
  - CAN-2004-1005 (buffer overflows)
  - CAN-2004-1176 (buffer underflow)
- introduce mc-4.6.1-pre3 to FC2 users

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
7dd653902f620c9ab66fc187c92e1e8c70af4b6f
redhat/7.3/updates-testing/i386/mc-4.5.55-12.legacy.i386.rpm
94c75a0b0dcb60dd1df86b247af305b876d9a1e8
redhat/7.3/updates-testing/SRPMS/mc-4.5.55-12.legacy.src.rpm

rh9:
82c7263b65d3959003c6043131dad7248fa7c40e
redhat/9/updates-testing/i386/mc-4.6.0-18.3.fc0.9.legacy.i386.rpm
df1385e379c96a306acfd106533cc2195b4ea39a
redhat/9/updates-testing/SRPMS/mc-4.6.0-18.3.fc0.9.legacy.src.rpm

fc1:
14ba4a2f6f2096786ffc543f5e084ad1d69b3f1b
fedora/1/updates-testing/i386/mc-4.6.0-18.3.fc1.0.legacy.i386.rpm
c17b32b79eba441aaf458036ac7dfa08d77c4bb7
fedora/1/updates-testing/SRPMS/mc-4.6.0-18.3.fc1.0.legacy.src.rpm

fc2:
a8270921b5ded8b829c7fda54d7bac77145df129
fedora/2/updates-testing/i386/mc-4.6.1-0.13.FC2.1.legacy.i386.rpm
30c732c47fb2c97743b492b0c41d8cfc4ff28b96
fedora/2/updates-testing/SRPMS/mc-4.6.1-0.13.FC2.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
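
The sums above are listed as a 40-character SHA-1 line followed by the
package path on the next line, which `sha1sum -c` does not read directly.
The following Python sketch, an added example that is not part of the
original notice, pairs the two lines and checks downloaded files; the
package names and sums inside demo() are constructed sample data.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHA1 = re.compile(r"[0-9a-f]{40}")

def parse_checksums(notice):
    """Pair each 40-hex-digit line with the .rpm path on the line after it."""
    entries, pending = {}, None
    for line in (raw.strip() for raw in notice.splitlines()):
        if SHA1.fullmatch(line):
            pending = line
            continue
        if pending and line.endswith(".rpm"):
            entries[line] = pending
        pending = None  # anything else breaks the hash/path pairing
    return entries

def sha1_of(path):
    return hashlib.sha1(Path(path).read_bytes()).hexdigest()

def verify(notice, download_dir):
    """Return {listed path: 'ok' | 'MISMATCH' | 'missing'} for local files."""
    results = {}
    for listed, expected in parse_checksums(notice).items():
        # Downloads are assumed to sit flat in download_dir under their basename.
        local = Path(download_dir) / Path(listed).name
        if not local.is_file():
            results[listed] = "missing"
        else:
            results[listed] = "ok" if sha1_of(local) == expected else "MISMATCH"
    return results

def demo():
    """Constructed sample: fake packages and sums, not values from the notice."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "mc-0.0-1.example.i386.rpm"
        bad = Path(tmp) / "mc-0.0-1.example.src.rpm"
        good.write_bytes(b"constructed binary package")
        bad.write_bytes(b"constructed source package")
        notice = "\n".join([
            sha1_of(good), "example/updates-testing/i386/" + good.name,
            sha1_of(bad), "example/updates-testing/SRPMS/" + bad.name,
            "0" * 40, "example/updates-testing/i386/mc-0.0-1.absent.i386.rpm",
        ])
        bad.write_bytes(b"modified after the sums were listed")
        return verify(notice, tmp)

if __name__ == "__main__":
    print(demo())
```

A matching SHA-1 only shows that the file is the one the notice lists.
SHA-1 is no longer collision-resistant, so also check the package's GPG
signature with `rpm --checksig` before installing.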