USN-425-1: slocate vulnerability

22 February 2007

slocate vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

Details

A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory’s “read” bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.10
slocate - 3.1-1ubuntu0.1
Ubuntu 6.06 LTS
slocate - 3.0.beta.r3-1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References