[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

(fwd) [SECURITY] New version of joe released

To: linux-delhi@xxxxxxxxxxxxxxxxxxxxx, linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: (fwd) [SECURITY] New version of joe released
From: Raju Mathur <raju@xxxxxxxxxxxxxxx>
Date: Fri, 24 Nov 2000 10:13:41 +0530 (IST)
Reply-to: raju@xxxxxxxxxxxxxxx

[All distributions with Joe are vulnerable.  Please upgrade if you use
Joe -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Return-Path: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
Approved-By: aleph1@xxxxxxxxxxxxxxxxx
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
X-Debian: PGP check passed for security officers
Priority: urgent
X-Mailing-List: <debian-security-announce@xxxxxxxxxxxxxxxx> archive/latest/164
X-Loop: debian-security-announce@xxxxxxxxxxxxxxxx
Precedence: list
Message-ID:  <ZtCIvB.A.fUC.8rxG6@murphy>
Reply-To: security@xxxxxxxxxx
Comments:     Resent-From: debian-security-announce@xxxxxxxxxxxxxxxx
Comments:     Originally-From: Wichert Akkerman <wichert@xxxxxxxxxx>
From: debian-security-announce@xxxxxxxxxxxxxxxx
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject:      [SECURITY] New version of joe released
Date:         Tue, 21 Nov 2000 17:37:32 -0800

-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@xxxxxxxxxx
http://www.debian.org/security/                         Wichert Akkerman
November 22, 2000
- ------------------------------------------------------------------------


Package        : joe
Problem type   : symlink attack
Debian-specific: no

When joe (Joe's Own Editor) dies due to a signal instead of a normal
exit it saves a list of the files it is editing to a file called `DEADJOE'
in its current directory. Unfortunately this wasn't done safely which made
joe vulnerable to a symlink attack.

This has been fixed in version 2.8-15.1 .

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.1.diff.gz
      MD5 checksum: 94131d7638b028e6bd6f529747b9d318
    http://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.1.dsc
      MD5 checksum: 5ad45a1fa1a293bef03786f9258bf846
    http://security.debian.org/dists/stable/updates/main/source/joe_2.8.orig.tar.gz
      MD5 checksum: 84c1aebfce7876b8639945da3c29f204

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/joe_2.8-15.1_alpha.deb
      MD5 checksum: defbc5c39a2ae8ed000b7b302ecd339f

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/joe_2.8-15.1_arm.deb
      MD5 checksum: bcb70726840c2cf11cba068ce2a826be

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/joe_2.8-15.1_i386.deb
      MD5 checksum: 21444255b240be01132208e5cb1d3439

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/joe_2.8-15.1_m68k.deb
      MD5 checksum: a4b275c324956489bf7558d42a80f22f

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/joe_2.8-15.1_powerpc.deb
      MD5 checksum: 689d54abe039ded6e82bf60115737631

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/joe_2.8-15.1_sparc.deb
      MD5 checksum: 8846236e9158cf3f3d7f1b8edce73d40

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- --
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOhsaEajZR/ntlUftAQGsNQL/YhFzIUOMo1qiwTjdaRTqUj548q3Snlpd
TkkqWAMMCzA+uh60N/BWTe2/q8/oktG3UoT0eCNV/8LeiC9nqvxBrvwG+gA7oDag
IvYUUzR1rQ33vU0O9nITfaO+2BIGQezM
=0zSi
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-request@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

------------------------------

End of this Digest
******************

Prev by Subject: (fwd) [SECURITY] New version of ethereal released
Next by Subject: (fwd) MDKSA-2000:068-1 - openssh update
Previous by thread: (fwd) [SECURITY] New Debian xmcd packages released
Next by thread: (fwd) [SECURITY] New version of ethereal released
Index(es):
- Subject
- Thread