Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 2.2 DSA-041-1 Critical: Local Exploit In Joe's Editor

debian
Calendar Grey March 9, 2001
Debian Logo
A critical local exploit in Joe's Editor discovered, impacting Debian systems. Immediate update advised for security protection.
Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor).

Summary

Package : joe
Problem type : local exploit
Debian-specific: no

Christer Öberg of Wkit Security AB found a problem in joe (Joe's
Own Editor). joe will look for a configuration file in three
locations: the current directory, the users homedirectory ($HOME)
and in /etc/joe. Since the configuration file can define commands
joe will run (for example to check spelling) reading it from
the current directory can be dangerous: an attacker can leave
a .joerc file in a writable directory, which would be read when
a unsuspecting user starts joe in that directory.

This has been fixed in version 2.8-15.3 and we recommend that
you upgrade your joe package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: cd6b006c8a2426ada62a6af1ddd001fe

MD5 checksum: 4f...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.