- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Important: xemacs security update
Advisory ID:       RHSA-2005:133-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:133.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0100
- ---------------------------------------------------------------------1. Summary:

Updated XEmacs packages that fix a string format issue are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

XEmacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of XEmacs.  If a user connects to a malicious POP server,
an attacker can execute arbitrary code as the user running xemacs.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0100 to this issue.

Users of XEmacs are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146706 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
3578571b8fbfa877446ff2bf2aba4d33  xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df  xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff  xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce  xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be  xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d  xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438  xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73  xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b  xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6  xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a  xemacs-nox-21.4.15-10.EL.1.ia64.rpm

ppc:
604b838be1c70f78a069838aedd3583f  xemacs-21.4.15-10.EL.1.ppc.rpm
19ca8f80d9150c61a4e4532003caa40a  xemacs-common-21.4.15-10.EL.1.ppc.rpm
98623c7463fa2f35562a7bac89f24a59  xemacs-el-21.4.15-10.EL.1.ppc.rpm
659cf3c867f3c1089936c0eae8646995  xemacs-info-21.4.15-10.EL.1.ppc.rpm
ce04905c75b1c1b4e250ec64b646c088  xemacs-nox-21.4.15-10.EL.1.ppc.rpm

s390:
67c1e30c3da90c9f929a0454cda90480  xemacs-21.4.15-10.EL.1.s390.rpm
87f1b473112c1417e3e5005898aeaba7  xemacs-common-21.4.15-10.EL.1.s390.rpm
62b74ac3cc227f94c7385616e6e98bb9  xemacs-el-21.4.15-10.EL.1.s390.rpm
931788a7c98b15bf3971f512e74f6c9a  xemacs-info-21.4.15-10.EL.1.s390.rpm
1c4fc34a77f266dd46036f28f2355552  xemacs-nox-21.4.15-10.EL.1.s390.rpm

s390x:
43e7f05b16a56833fba58286f84aff3a  xemacs-21.4.15-10.EL.1.s390x.rpm
9d5ab2fcf69ede7e50beca7d057c364e  xemacs-common-21.4.15-10.EL.1.s390x.rpm
705516d8db6bfae82a7c600db243a55e  xemacs-el-21.4.15-10.EL.1.s390x.rpm
0d10cc5bb25fcf0e7f8a135c5d59dfb9  xemacs-info-21.4.15-10.EL.1.s390x.rpm
0f2a83207bd62d69ad51e35c8ba7713a  xemacs-nox-21.4.15-10.EL.1.s390x.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc  xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b  xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804  xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f  xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2  xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
3578571b8fbfa877446ff2bf2aba4d33  xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df  xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff  xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce  xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be  xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d  xemacs-nox-21.4.15-10.EL.1.i386.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc  xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b  xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804  xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f  xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2  xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
3578571b8fbfa877446ff2bf2aba4d33  xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df  xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff  xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce  xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be  xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d  xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438  xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73  xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b  xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6  xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a  xemacs-nox-21.4.15-10.EL.1.ia64.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc  xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b  xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804  xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f  xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2  xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
3578571b8fbfa877446ff2bf2aba4d33  xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df  xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff  xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce  xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be  xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d  xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438  xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73  xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b  xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6  xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a  xemacs-nox-21.4.15-10.EL.1.ia64.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc  xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b  xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804  xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f  xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2  xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.