6180496 2001-03-06 12:08 -0800  /70 lines/ Greg KH <greg@WIREX.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-03-06  22:28  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: greg@WIREX.COM
Recipient: Bugtraq (import) <15780>
Subject: Immunix OS Security update for joe
------------------------------------------------------------
-----------------------------------------------------------------------
	Immunix OS Security Advisory
Packages updated:	joe
Affected products:	Immunix OS 6.2 and 7.0-beta
Bugs Fixed:		immunix/1329
Date:			March 6, 2001
Advisory ID:		IMNX-2001-70-005-01
Author:			Greg Kroah-Hartman <greg@wirex.com>
-----------------------------------------------------------------------
Description:
  The version of joe shipped in Immunix OS 6.2 and 7.0-beta looks for a
  configuration file in the current working directory, the user's home
  directory and in /etc/joe.  A malicious user could create their own
  .joerc configuration file and try to get other users to use it.  If
  this happens, the other user could execute malicious commands with
  their own user id and privilege.  This problem was originally reported by WKIT
  Security AB and more information on it can be found at
  http://www.wkit.com/content/eng/advisories/wsir0202.txt
  
  Immunix 7.0 does not install the joe package by default but
  provides it in the extras/unsupported directory so it is not
  vulnerable unless the joe package has been installed manually by
  the system administrator.
  
  Packages have been created and released that fix this problem.
Package names and locations:
  Precompiled binary package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/RPMS/joe-2.8-43.62_StackGuard.i386.rpm
  
  Source package for Immunix 6.2 is available at:
    http://immunix.org/ImmunixOS/6.2/updates/SRPMS/joe-2.8-43.62_StackGuard.src.rpm
  Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/RPMS/joe-2.8-43.7_imnx.i386.rpm
  
  Source package for Immunix 7.0-beta and 7.0 is available at:
    http://immunix.org/ImmunixOS/7.0/updates/SRPMS/joe-2.8-43.7_imnx.src.rpm
md5sums of the packages:
  af4179632fec1a6bf165f3c36323d1ec  joe-2.8-43.62_StackGuard.i386.rpm
  70a5925864e02b8ac3118d20aec97d7f  joe-2.8-43.62_StackGuard.src.rpm
  ae0d34096476456ac3df90358d9b7723  joe-2.8-43.7_imnx.i386.rpm
  5ca9476b3284b9d559dd786ea0c43dca  joe-2.8-43.7_imnx.src.rpm
Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/
Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/
Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/
NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html
(6180496) --------------------------------(Rewrapped)
Attachment (application/pgp-signature) in text 6180497
6180497 2001-03-06 12:08 -0800  /10 lines/ Greg KH <greg@WIREX.COM>
Imported: 2001-03-06  22:28  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: greg@WIREX.COM
Recipient: Bugtraq (import) <15781>
Attachment (text/plain) to text 6180496
Subject: Attachment to: Immunix OS Security update for joe
------------------------------------------------------------
(6180497) ------------------------------------------
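The advisory above says the affected joe reads a .joerc from the current working directory, so on an unpatched host an administrator may want to know where such files sit and who could have put them there. The following audit is an added example, not part of the advisory or of the Immunix packages; the function names, the trusted-uid set and the sample directory tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

RC_NAME = ".joerc"                       # file name given in the advisory
LOOSE = stat.S_IWGRP | stat.S_IWOTH      # writable by group or other

def audit_joerc(roots, trusted_uids):
    """Return [(path, [reasons])] for .joerc files that joe, started in that
    directory, would pick up and that someone else could have planted."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if RC_NAME not in files:
                continue
            path = os.path.join(dirpath, RC_NAME)
            st = os.lstat(path)          # lstat: do not follow a planted symlink
            reasons = []
            if stat.S_ISLNK(st.st_mode):
                reasons.append("is a symlink")
            elif st.st_mode & LOOSE:
                reasons.append("file writable by group/other")
            if st.st_uid not in trusted_uids:
                reasons.append("owner uid %d not trusted" % st.st_uid)
            if os.stat(dirpath).st_mode & LOOSE:
                reasons.append("directory writable by group/other")
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: one shared directory, one private directory."""
    base = tempfile.mkdtemp(prefix="joerc-audit-")
    for name, dmode, fmode in (("shared", 0o777, 0o644), ("private", 0o700, 0o600)):
        d = os.path.join(base, name)
        os.mkdir(d)
        with open(os.path.join(d, RC_NAME), "w") as fh:
            fh.write("# constructed placeholder, no editor commands\n")
        os.chmod(os.path.join(d, RC_NAME), fmode)
        os.chmod(d, dmode)
    return base

if __name__ == "__main__":
    base = build_sample_tree()
    for path, reasons in audit_joerc([base], {0, os.getuid()}):
        print(path, "->", "; ".join(reasons))
```

On a real host the roots would be the shared or world-writable directories users edit files in, and the trusted set would be root plus the account being checked.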