author | recht <recht> | 2003-11-05 00:05:06 +0000 |
---|---|---|
committer | recht <recht> | 2003-11-05 00:05:06 +0000 |
commit | 2e708d023397aeb250c184dd3375d568c7141619 (patch) | |
tree | eaaa5f164a6a5266127c3c08f0c2f98c86e0c711 /sysutils/rox-system | |
parent | 5111e1aeb9369433a62c05a1b3a20497c9992fe7 (diff) | |
download | pkgsrc-2e708d023397aeb250c184dd3375d568c7141619.tar.gz |

Fix two security issues:
1.)
An integer overflow in ls in the fileutils or coreutils packages may allow
local users to cause a denial of service or execute arbitrary code via a
large -w value, which could be remotely exploited via applications that use
ls, such as wu-ftpd.
2.)
ls in the fileutils or coreutils packages allows local users to consume a
large amount of memory via a large -w value, which can be remotely exploited
via applications that use ls, such as wu-ftpd.
See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
and the original report
http://www.guninski.com/binls.html
for details.
Patches taken from Red Hat's Security Advisory RHSA-2003:309-01.
reported by reed@
bump PKGREVISION

Diffstat (limited to 'sysutils/rox-system')
0 files changed, 0 insertions, 0 deletions