Fedora Core Advisory: slocate | Linux Today


Written By
Web Webster
Jan 26, 2004

Fedora Update Notification
FEDORA-2004-059
2004-01-26


Name : slocate
Version : 2.7
Release : 4
Summary : Finds files on a system via a central database.

Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated
nightly) for files which match a given pattern. Slocate allows you
to quickly find files anywhere on your system.


Update Information:

Patrik Hornik discovered a vulnerability in Slocate versions up
to and including 2.7 where a carefully crafted database could
overflow a heap-based buffer. A local user could exploit this
vulnerability to gain “slocate” group privileges and then read the
entire slocate database. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has assigned the name CAN-2003-0848 to
this issue.

Users of Slocate should upgrade to these packages which contain
a patch from Kevin Lindsay which causes slocate to drop privileges
before reading a user-supplied database.


* Wed Jan 21 2004 Mark Cox <mjc@redhat.com>

  • drop privs for non slocate gid databases (CAN-2003-0848)
  • update to 2.7

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

01bf7fd37e5eeb0f4ec4bdc09a4f236e SRPMS/slocate-2.7-4.src.rpm
ecec8659907bbbe65297b634d930b9ae i386/slocate-2.7-4.i386.rpm
33661442e2657b361a64acac29e0cea8 i386/debug/slocate-debuginfo-2.7-4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

