[Frugalware-darcs] homepage-ng: FSA204-findutils

voroskoi voroskoi at frugalware.org
Fri Jun 8 09:37:35 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070608072945-dd049-83e7c3b22a59c5b34ab88710b7ea65b2be479b8a.gz;

[FSA204-findutils
voroskoi <voroskoi at frugalware.org>**20070608072945] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>204</id>
+		<date>2007-06-08</date>
+		<author>voroskoi</author>
+		<package>findutils</package>
+		<vulnerable>4.3.2-1</vulnerable>
+		<unaffected>4.3.2-2terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2128</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2452</cve>
+		<desc>A vulnerability has been reported in GNU findutils, which can be exploited by malicious people to compromise a user's system.
+			The vulnerability is caused due to a boundary error when parsing "old" style formatted locate databases. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into running locate on a specially crafted "old" style database containing an overly long path (more than 1026 bytes).</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list