LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: emacs security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update
Advisory ID:       RHSA-2005:110-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-110.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0100
- ---------------------------------------------------------------------

1. Summary:

Updated Emacs packages that fix a string format issue are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs.  If a user connects to a malicious POP server,
an attacker can execute arbitrary code as the user running emacs.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146702 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

ppc:
aa1df458e29f1fc3a9c5683cc63569db  emacs-21.3-19.EL.1.ppc.rpm
cf1c15b8b68fea1700873af27a6224fb  emacs-common-21.3-19.EL.1.ppc.rpm
b329aa4d9525c604cecec7cd8dd51a6e  emacs-el-21.3-19.EL.1.ppc.rpm
cc8d208922f5008ab6804b6a9e63a614  emacs-leim-21.3-19.EL.1.ppc.rpm
9bccad4563f257e4163fea463e36eb82  emacs-nox-21.3-19.EL.1.ppc.rpm

s390:
d88c1758f21c4220c3df0711343908f0  emacs-21.3-19.EL.1.s390.rpm
ca6a5718a17bdd4bb8658d120f09cc83  emacs-common-21.3-19.EL.1.s390.rpm
82525d517fb1e6b2ece6c6358c06c816  emacs-el-21.3-19.EL.1.s390.rpm
a396774e36429c5ebd427b737903f687  emacs-leim-21.3-19.EL.1.s390.rpm
8462339636d4c473187c91df847a0819  emacs-nox-21.3-19.EL.1.s390.rpm

s390x:
12a3ccc10b35c10326bc6bb5f0debc0b  emacs-21.3-19.EL.1.s390x.rpm
3cae3da5240a0f9b58917ebcdccc96b1  emacs-common-21.3-19.EL.1.s390x.rpm
e5ecc6b2391f279dbf5e277d294496a9  emacs-el-21.3-19.EL.1.s390x.rpm
3c03be453391e596378a3ae06b537dc6  emacs-leim-21.3-19.EL.1.s390x.rpm
9d03750e15609eb23e5c782ceeb39d7d  emacs-nox-21.3-19.EL.1.s390x.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Canadians arrest a Heartbleed hacker
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.