LinuxSecurity.com
RedHat: New emacs packages available
Posted by LinuxSecurity.com Team   
Red Hat Linux: With emacs < 20.7, unprivileged local users can eavesdrop on the communication between Emacs and its subprocesses.
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          New emacs packages available
Advisory ID:       RHSA-2000:036-01
Issue date:        2000-06-15
Updated on:        2000-06-15
Product:           Red Hat Linux
Keywords:          emacs vulnerability
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

With emacs < 20.7, unprivileged local users can eavesdrop on the communication 
between Emacs and its subprocesses.

2. Relevant releases/architectures:

Red Hat Linux 6.0 - i386 alpha sparc
Red Hat Linux 6.1 - i386 alpha sparc
Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

With emacs < 20.7, unprivileged local users can eavesdrop on the communication 
between Emacs and its subprocesses.

This release also fixes many minor problems.

The problem also exists for Red Hat 5.x. Unfortunately, the fixes require UNIX98 
PTYs. These are only available on Red Hat 6.x and higher. If this problem concerns 
you, an upgrade is recommended.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

11335 - emacs-nox built with X11 locale
10948 - emacs-nox does not accept pasted data
10798 - Emacs shell-script mode doesn't know about bash2
9895 - Nit: png file marked as conf file.


6. RPMs required:

Red Hat Linux 6.2:

intel:
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-el-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-X11-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-leim-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-nox-20.7-1.i386.rpm

alpha:
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-el-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-X11-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-leim-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-nox-20.7-1.alpha.rpm

sparc:
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-el-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-X11-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-leim-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-nox-20.7-1.sparc.rpm

sources:
ftp://ftp.redhat.com/redhat/updates/6.2/SRPMS/emacs-20.7-1.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
4338ef85b6f9c374879eeee77ae0eee9  6.2/SRPMS/emacs-20.7-1.src.rpm
9fbdc8b24f30bc0784a75b5d169df0c7  6.2/alpha/emacs-20.7-1.alpha.rpm
c008af143f571ae71d4f5415bd82968d  6.2/alpha/emacs-X11-20.7-1.alpha.rpm
718587a7b03c7b216d8c7825bedf1a0f  6.2/alpha/emacs-el-20.7-1.alpha.rpm
12add74edfdbb60bbf62db1a6fd8f89e  6.2/alpha/emacs-leim-20.7-1.alpha.rpm
1fa10098c9e56296d8d10a8e198b6e12  6.2/alpha/emacs-nox-20.7-1.alpha.rpm
e51141f6c521cf8009cc94669e00dc3f  6.2/i386/emacs-20.7-1.i386.rpm
7e2254b2c46deeb6a1ee8840cd4b2c2a  6.2/i386/emacs-X11-20.7-1.i386.rpm
27ef1a3ba0d97968ccca79d5421b8a1b  6.2/i386/emacs-el-20.7-1.i386.rpm
9057e85bf9cfd24057d0bdc8f16164ad  6.2/i386/emacs-leim-20.7-1.i386.rpm
19a8145b213dbcb54a3d8bad1fadcda0  6.2/i386/emacs-nox-20.7-1.i386.rpm
b4d69bb3e1ca46e2e164b2c342e7e615  6.2/sparc/emacs-20.7-1.sparc.rpm
2fc732546034395a8921fd2541f49fa1  6.2/sparc/emacs-X11-20.7-1.sparc.rpm
10e8880bf285287f328cf28888e0dcf1  6.2/sparc/emacs-el-20.7-1.sparc.rpm
0cc9c30a1bb74774913603def608fc55  6.2/sparc/emacs-leim-20.7-1.sparc.rpm
a6ae2d4b6afcb0022d59183b12472361  6.2/sparc/emacs-nox-20.7-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg [filename]
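
The MD5 table above can also be checked mechanically before installing. The function below is an added example, not part of the Red Hat advisory: verify_md5_table and its arguments are hypothetical names, it assumes md5sum is installed and that the table has been saved to a text file, and it only compares digests, so rpm --checksig is still needed to check the GPG signature.

```shell
# Added example: compare downloaded RPMs with an advisory-style MD5 table.
# Usage: verify_md5_table TABLE_FILE RPM_DIR
# TABLE_FILE lines look like "<32 hex digits>  6.2/i386/<name>.rpm";
# the header, the dashed separator and blank lines are ignored.
# Returns 0 only if at least one listed package was found in RPM_DIR
# and every package that was found matches its listed digest.
verify_md5_table() {
    table=$1
    dir=$2
    checked=0
    failed=0
    # "|| [ -n "$sum" ]" keeps a final line that lacks a trailing newline.
    while read -r sum path rest || [ -n "$sum" ]; do
        # Accept only "<md5> <path>" rows; skip everything else.
        case $sum in
            *[!0-9a-fA-F]*|"") continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}               # table paths are relative to the FTP tree
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        expected=$(printf '%s' "$sum" | tr 'A-F' 'a-f')
        actual=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)"
            failed=$((failed + 1))
        fi
    done < "$table"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Run it as verify_md5_table table.txt /path/to/rpms and install with rpm -Fvh only when it returns 0 and rpm --checksig also passes.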

8. References:

http://www.securityfocus.com/bid/1125
 