Security Advisory: slocate security update

Advisory: RHSA-2005:747-09
Type: Security Advisory
Severity: Low
Issued on: 2005-08-22
Last updated on: 2005-08-22
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-2499

Details

An updated slocate package that fixes a denial of service issue is now
available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Slocate is a security-enhanced version of locate. Like locate, slocate
searches through a nightly-updated central database for files that match a
given pattern.

A bug was found in the way slocate processes very long paths. A local user
could create a carefully crafted directory structure that would prevent
updatedb from completing its file system scan, resulting in an incomplete
slocate database. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-2499 to this issue.

Users are advised to upgrade to this updated package, which includes a
backported patch to resolve this issue.
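
A defender-side check for the condition described above, as an added example that is not part of the advisory or of slocate: it lists directories whose full path reaches a length threshold, together with the owning uid, and does not descend below them. The 4096-byte default (Linux PATH_MAX) and the name find_long_paths are assumptions; the advisory does not state a length.

```python
import os
import sys

# Assumption: the advisory gives no length figure, so Linux PATH_MAX is the default.
DEFAULT_LIMIT = 4096


def _report_skipped(err):
    # Directories that cannot be opened (permissions, descriptor limit) are not silent.
    print(f"skipped: {err}", file=sys.stderr)


def find_long_paths(root, limit=DEFAULT_LIMIT):
    """Return (path, byte_length, owner_uid) for the shallowest directory in
    each branch under root whose absolute path is at least `limit` bytes."""
    findings = []
    root = os.path.abspath(root)
    # os.fwalk opens each directory relative to its parent's descriptor, so
    # the walk itself keeps working on paths longer than PATH_MAX.
    for dirpath, dirnames, _files, dirfd in os.fwalk(
            root, onerror=_report_skipped, follow_symlinks=False):
        keep = []
        for name in dirnames:
            full = os.path.join(dirpath, name)
            length = len(os.fsencode(full))
            if length >= limit:
                st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
                findings.append((full, length, st.st_uid))
            else:
                keep.append(name)
        dirnames[:] = keep  # do not descend below a directory already reported
    return findings


if __name__ == "__main__":
    # Usage: python3 long_paths.py /home [limit]
    top = sys.argv[1] if len(sys.argv) > 1 else "."
    max_len = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_LIMIT
    for path, length, uid in find_long_paths(top, max_len):
        # Print only a prefix: the full path may be thousands of bytes long.
        print(f"uid={uid} length={length} {path[:120]}...")
```

os.fwalk holds one open descriptor per directory level, so very deep trees may need a higher `ulimit -n`; directories it cannot open are reported on stderr.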


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/SRPMS/slocate-2.7-1.el2.1.src.rpm
    MD5: 48bc2399648a71b9cdc6f7eee3457f5c
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/i386/slocate-2.7-1.el2.1.i386.rpm
    MD5: 422f42516805c04797c817a4e8c4d333
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/ia64/slocate-2.7-1.el2.1.ia64.rpm
    MD5: 68f823b854a10eec8a180b05cca7a240
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/SRPMS/slocate-2.7-1.el2.1.src.rpm
    MD5: 48bc2399648a71b9cdc6f7eee3457f5c
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/i386/slocate-2.7-1.el2.1.i386.rpm
    MD5: 422f42516805c04797c817a4e8c4d333
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/SRPMS/slocate-2.7-1.el2.1.src.rpm
    MD5: 48bc2399648a71b9cdc6f7eee3457f5c
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/i386/slocate-2.7-1.el2.1.i386.rpm
    MD5: 422f42516805c04797c817a4e8c4d333
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/SRPMS/slocate-2.7-1.el2.1.src.rpm
    MD5: 48bc2399648a71b9cdc6f7eee3457f5c
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/slocate/2.7-1.el2.1/ia64/slocate-2.7-1.el2.1.ia64.rpm
    MD5: 68f823b854a10eec8a180b05cca7a240
 

Bugs fixed (see bugzilla for more information)

165430 - CAN-2005-2499 slocate DOS


Keywords

updatedb


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/