"slocate" is a program which catalogues existing files and allows
for a quick lookup later. There is a vulnerability present in
previous versions. By giving it a crafted database, an attacker
could make slocate execute arbitrary code as the "slocate" user.
Additionally, a bug which caused slocate to segfault with large
pathnames was fixed.
All users should upgrade the slocate package.
Thanks to zorgon, Michel Kaempf and the author, Kevin
Users of Conectiva Linux version 6.0 or higher may use apt to
- add the following line to /etc/apt/sources.list if it is not
there yet (you may also use linuxconf to do this):
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.