OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: redhat-watch-list-adminredhat.com
Date: Thu Jun 15 2000 - 16:30:38 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ---------------------------------------------------------------------
                       Red Hat, Inc. Security Advisory

    Synopsis: New emacs packages available
    Advisory ID: RHSA-2000:036-01
    Issue date: 2000-06-15
    Updated on: 2000-06-15
    Product: Red Hat Linux
    Keywords: emacs vulnerability
    Cross references: N/A
    ---------------------------------------------------------------------

    1. Topic:

    With emacs < 20.7, unprivileged local users can eavesdrop the communication between Emacs and its subprocesses.

    2. Relevant releases/architectures:

    Red Hat Linux 6.0 - i386 alpha sparc
    Red Hat Linux 6.1 - i386 alpha sparc
    Red Hat Linux 6.2 - i386 alpha sparc

    3. Problem description:

    With emacs < 20.7, unprivileged local users can eavesdrop the communication between Emacs and its subprocesses.

    This release also fix many minor problems.

    The problem also exists for Red Hat 5.x. Unfortunately, the fixes require UNIX98 PTYs. This is only available on Red Hat 6.x and higher. If this problem concerns you, an upgrade is recommended.

    4. Solution:

    For each RPM for your particular architecture, run:

    rpm -Fvh [filename]

    where filename is the name of the RPM.

    5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

    11335 - emacs-nox built with X11 locale
    10948 - emacs-nox does not accept pasted data
    10798 - Emacs shell-script mode doesn't know about bash2
    9895 - Nit: png file marked as conf file.

    6. RPMs required:

    Red Hat Linux 6.2:

    intel:
    ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-20.7-1.i386.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-el-20.7-1.i386.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-X11-20.7-1.i386.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-leim-20.7-1.i386.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-nox-20.7-1.i386.rpm

    alpha:
    ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-20.7-1.alpha.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-el-20.7-1.alpha.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-X11-20.7-1.alpha.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-leim-20.7-1.alpha.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-nox-20.7-1.alpha.rpm

    sparc:
    ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-20.7-1.sparc.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-el-20.7-1.sparc.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-X11-20.7-1.sparc.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-leim-20.7-1.sparc.rpm
    ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-nox-20.7-1.sparc.rpm

    sources:
    ftp://ftp.redhat.com/redhat/updates/6.2/SRPMS/emacs-20.7-1.src.rpm

    7. Verification:

    MD5 sum Package Name
    --------------------------------------------------------------------------
    4338ef85b6f9c374879eeee77ae0eee9 6.2/SRPMS/emacs-20.7-1.src.rpm
    9fbdc8b24f30bc0784a75b5d169df0c7 6.2/alpha/emacs-20.7-1.alpha.rpm
    c008af143f571ae71d4f5415bd82968d 6.2/alpha/emacs-X11-20.7-1.alpha.rpm
    718587a7b03c7b216d8c7825bedf1a0f 6.2/alpha/emacs-el-20.7-1.alpha.rpm
    12add74edfdbb60bbf62db1a6fd8f89e 6.2/alpha/emacs-leim-20.7-1.alpha.rpm
    1fa10098c9e56296d8d10a8e198b6e12 6.2/alpha/emacs-nox-20.7-1.alpha.rpm
    e51141f6c521cf8009cc94669e00dc3f 6.2/i386/emacs-20.7-1.i386.rpm
    7e2254b2c46deeb6a1ee8840cd4b2c2a 6.2/i386/emacs-X11-20.7-1.i386.rpm
    27ef1a3ba0d97968ccca79d5421b8a1b 6.2/i386/emacs-el-20.7-1.i386.rpm
    9057e85bf9cfd24057d0bdc8f16164ad 6.2/i386/emacs-leim-20.7-1.i386.rpm
    19a8145b213dbcb54a3d8bad1fadcda0 6.2/i386/emacs-nox-20.7-1.i386.rpm
    b4d69bb3e1ca46e2e164b2c342e7e615 6.2/sparc/emacs-20.7-1.sparc.rpm
    2fc732546034395a8921fd2541f49fa1 6.2/sparc/emacs-X11-20.7-1.sparc.rpm
    10e8880bf285287f328cf28888e0dcf1 6.2/sparc/emacs-el-20.7-1.sparc.rpm
    0cc9c30a1bb74774913603def608fc55 6.2/sparc/emacs-leim-20.7-1.sparc.rpm
    a6ae2d4b6afcb0022d59183b12472361 6.2/sparc/emacs-nox-20.7-1.sparc.rpm

    These packages are GPG signed by Red Hat, Inc. for security. Our key
    is available at:
        http://www.redhat.com/corp/contact.html

    You can verify each package with the following command:
        rpm --checksig <filename>

    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        rpm --checksig --nogpg <filename>

    8. References:

    http://www.securityfocus.com/bid/1125 

    -- 
         To unsubscribe: mail redhat-watch-list-requestredhat.com with 
                       "unsubscribe" as the Subject.

    -- 
To unsubscribe:
mail -s unsubscribe redhat-announce-list-requestredhat.com < /dev/null

    _______________________________________________
Redhat-watch-list mailing list
To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list