kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/sysutils/coreutils
History
recht 0c58bd1726 Fix two security issues: 
1.)
An integer overflow in ls in the fileutils or coreutils packages may allow
local users to cause a denial of service or execute arbitrary code via a
large -w value, which could be remotely exploited via applications that use
ls, such as wu-ftpd.

2.)
ls in the fileutils or coreutils packages allows local users to consume a
large amount of memory via a large -w value, which can be remotely exploited
via applications that use ls, such as wu-ftpd.

See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
and the original report
http://www.guninski.com/binls.html
for details.

Patches taken from Red Hat's Security Advisory RHSA-2003:309-01.

reported by reed@
bump PKGREVISION
2003-11-05 00:05:06 +00:00
..
patches Fix two security issues: 2003-11-05 00:05:06 +00:00
DESCR Drop trailing whitespace. Ok'ed by wiz. 2003-05-06 17:40:18 +00:00
distinfo Fix two security issues: 2003-11-05 00:05:06 +00:00
Makefile Fix two security issues: 2003-11-05 00:05:06 +00:00
PLIST Convert to USE_NEW_TEXINFO. 2003-08-05 13:51:21 +00:00