Red Hat Bugzilla – Bug 148864
CAN-2004-1004 multiple issues with mc (CAN-2004-1005 CAN-2005-1176)
Last modified: 2015-01-07 19:09:28 EST
Two issues with mc have been reported to the Debian BTS. You can find more
This issue should also affect RHEL2.1
Please compare https://bugzilla.fedora.us/show_bug.cgi?id=2405 and
http://www.debian.org/security/2005/dsa-639 (mc CAN-2004-1004,
CAN-2004-1005, CAN-2004-1009, CAN-2004-1090, CAN-2004-1091,
CAN-2004-1092, CAN-2004-1093, CAN-2004-1174, CAN-2004-1175 and
CAN-2004-1176). These issues all affect mc <= 4.5.55. CAN-2004-1004,
-1005 and 1176 affect mc-4.6.0.
These issues do *not* affect RHEL 4.
Sorry for not opening a bug report for RHEL 2.1 for this. Too busy
with Fedora Legacy (RHL 7.3).
Fixed in CVS.
- port patch for CAN-2004-1176 from upstream CVS
- port from fedora legacy - Leonard den Ottolander (#148864):
- CAN-2004-1004 - clean
- CAN-2004-1005 - drop charsets.c, boxes.c, cpio.c hunks,
fixed in 4.5.51, port sfs.c and key.c
Leonard, please let me know if you want the patches for 4.5.51.
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and
earlier allow remote attackers to have an unknown impact.
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow
remote attackers to have an unknown impact.
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows
remote attackers to cause a denial of service.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
What about CAN-2004-1009, CAN-2004-1090, CAN-2004-1091, CAN-2004-1092,
CAN-2004-1093, CAN-2004-1174 and CAN-2004-1175 ??
Those issues affect mc <= 4.5.55 so they should also be fixed for RHEL
It seems you think only CAN-2004-1004, CAN-2004-1005 and CAN-2005-1176
are relevant for RHEL 2.1. This is a false assumption.
The full advisory for Debian features these bugs:
* CAN-2004-1004 Multiple format string vulnerabilities
* CAN-2004-1005 Multiple buffer overflows
* CAN-2004-1009 One infinite loop vulnerability
* CAN-2004-1090 Denial of service via corrupted section header
* CAN-2004-1091 Denial of service via null dereference
* CAN-2004-1092 Freeing unallocated memory
* CAN-2004-1093 Denial of service via use of already freed memory
* CAN-2004-1174 Denial of service via manipulating non-existing
* CAN-2004-1175 Unintended program execution via insecure
* CAN-2004-1176 Denial of service via a buffer underflow
Leonard, thanks for noticing this.
Josh, do we need to open another bug for the noted CANs?
Yes we'll want to open a new bug for all these issues. We also need
to figure out what these are and find some fixes. Do you know if/when
upstream has fixed these?
CAN-2004-1009: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)
CAN-2004-1090: mc-4.5.51 (RHEL2.1) vulnerable, patch applied in FC3/devel mc version
CAN-2004-1091: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel versions unaffected
(gnome support dropped)
CAN-2004-1092: mc-4.5.51 (RHEL2.1) NOT vulnerable -> no implementation for
mc_mkstemps(), FC3/devel versions unaffected (no gnome support, fixed
implementattion of mc_mkstemps)
CAN-2004-1093: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected
CAN-2004-1174: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected
CAN-2004-1175: mc-4.5.51 (RHEL2.1) vulnerable, FC3/devel mc unaffected
Josh, could you please open a new bug for this? Note that only RHEL2.1 mc is
Closing ERRATA again because the CANs reported by the original bugreport are
resolved and erratum is released.
Just follow the pointers that I put in comment #2. See the SRPM for
RHL 7.3 or dig into Debian's patch archive to extract the appropriate
patches. They are clearly commented, but IIRC they are diffs of diffs.