LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New emacs20 packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 670-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 8th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : emacs20
Vulnerability  : format string
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0100

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs, the well-known editor.  Via connecting to a
malicious POP server an attacker can execute arbitrary code under the
privileges of group mail.

For the stable distribution (woody) these problems have been fixed in
version 20.7-13.3.

The unstable distribution (sid) does not contain an Emacs20 package
anymore.

We recommend that you upgrade your emacs packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.dsc
      Size/MD5 checksum:      623 a1747d7a2adc0269123d7b9430782f81
    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.diff.gz
      Size/MD5 checksum:    63385 e3762c400bee11fbfdb7aaf520854fa6
    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7.orig.tar.gz
      Size/MD5 checksum: 18451553 879d5eaf52f0063a2948a0e1cfc3e886

  Architecture independent components:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20-el_20.7-13.3_all.deb
      Size/MD5 checksum:  5733996 bde64de09a9b2485b81aaaecd9318d97

  Alpha architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_alpha.deb
      Size/MD5 checksum:  9299902 3fd599dcf23a59d69aeb30cdfeb0bc1a

  ARM architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_arm.deb
      Size/MD5 checksum:  9053904 225b349728df97f1908966e663c2ce1c

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_i386.deb
      Size/MD5 checksum:  8983948 5da8b74b0bbffd9d7ae04e9d3d7ad44b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_ia64.deb
      Size/MD5 checksum:  9563936 58ff45962cf2e7f5304b9f10e792c685

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_hppa.deb
      Size/MD5 checksum:  9226312 94f642cf49a685de3f3ec7b6da9f6121

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_m68k.deb
      Size/MD5 checksum:  8977188 b6248cb5843a342bd3a6bb0cd60f34dd

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mips.deb
      Size/MD5 checksum:  9218238 44ecc07fa53fabf4b1398e817722573d

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mipsel.deb
      Size/MD5 checksum:  9178056 68daa071410f9c64294878e04c48383d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_powerpc.deb
      Size/MD5 checksum:  9095196 e9c2599335c5b96bfd5d831925568d8d

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_s390.deb
      Size/MD5 checksum:  9094704 25be346bd91d34abcfe7724e3602c45c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_sparc.deb
      Size/MD5 checksum:  9085792 1abfcd061af7cdb4e3cf8cd28b771865


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.