Bug 113849

Summary: CAN-2003-1023 mc stack overflow
Product: [Retired] Red Hat Linux
Reporter: Mark J. Cox <mjc>
Component: mc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED ERRATA
QA Contact: David Lawrence <dkl>
Severity: medium
Docs Contact:
Priority: medium
Version: 9
CC: leonard-rh-bugzilla
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-01-29 12:46:23 UTC

Description Mark J. Cox 2004-01-19 15:25:55 UTC
A buffer overflow has been found in Midnight Commander's virtual
filesystem code. Specifically, a stack-based buffer overflow in
vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to
execute arbitrary code during symlink conversion.

Errata RHSA-2004:034 in progress

Comment 1 Leonard den Ottolander 2004-01-29 12:07:36 UTC
This is in ERRATA and can be closed as such.



Comment 2 Mark J. Cox 2004-01-29 12:46:23 UTC
Yeah, RHSA-2004:034 was released on the 21st:
http://rhn.redhat.com/errata/RHSA-2004-034.html

Comment 3 Leonard den Ottolander 2004-01-30 10:27:08 UTC
And what about Fedora Core (bug #114540)? A test update was made
available on the 19th, but no announcement was made on either the test
list, the main list or the devel list.

This update should be announced and moved to the main tree.

While I am at it let me shamelessly plug the one line fix from bug
#112644. Please get it in testing. I've been using it for over a month
without any problem.