Debian Security Advisory DSA 005-1 (slocate)

Summary
The remote host is missing an update to slocate announced via advisory DSA 005-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20005-1
Insight
Michel Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered there was a bug in the database reading code which made it overwrite a internal structure with some input. He then showed this could be exploited to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This has been fixed in version 2.4-2potato1 and we recommend that you upgrade your slocate package immediately.