Debian: New emacs20 packages fix arbitrary code execution

    Date07 Feb 2005
    CategoryDebian
    6201
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 670-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    February 8th, 2005                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : emacs20
    Vulnerability  : format string
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0100
    
    Max Vozeler discovered several format string vulnerabilities in the
    movemail utility of Emacs, the well-known editor.  Via connecting to a
    malicious POP server an attacker can execute arbitrary code under the
    privileges of group mail.
    
    For the stable distribution (woody) these problems have been fixed in
    version 20.7-13.3.
    
    The unstable distribution (sid) does not contain an Emacs20 package
    anymore.
    
    We recommend that you upgrade your emacs packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.dsc
          Size/MD5 checksum:      623 a1747d7a2adc0269123d7b9430782f81
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.diff.gz
          Size/MD5 checksum:    63385 e3762c400bee11fbfdb7aaf520854fa6
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7.orig.tar.gz
          Size/MD5 checksum: 18451553 879d5eaf52f0063a2948a0e1cfc3e886
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20-el_20.7-13.3_all.deb
          Size/MD5 checksum:  5733996 bde64de09a9b2485b81aaaecd9318d97
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_alpha.deb
          Size/MD5 checksum:  9299902 3fd599dcf23a59d69aeb30cdfeb0bc1a
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_arm.deb
          Size/MD5 checksum:  9053904 225b349728df97f1908966e663c2ce1c
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_i386.deb
          Size/MD5 checksum:  8983948 5da8b74b0bbffd9d7ae04e9d3d7ad44b
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_ia64.deb
          Size/MD5 checksum:  9563936 58ff45962cf2e7f5304b9f10e792c685
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_hppa.deb
          Size/MD5 checksum:  9226312 94f642cf49a685de3f3ec7b6da9f6121
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_m68k.deb
          Size/MD5 checksum:  8977188 b6248cb5843a342bd3a6bb0cd60f34dd
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mips.deb
          Size/MD5 checksum:  9218238 44ecc07fa53fabf4b1398e817722573d
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mipsel.deb
          Size/MD5 checksum:  9178056 68daa071410f9c64294878e04c48383d
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_powerpc.deb
          Size/MD5 checksum:  9095196 e9c2599335c5b96bfd5d831925568d8d
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_s390.deb
          Size/MD5 checksum:  9094704 25be346bd91d34abcfe7724e3602c45c
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_sparc.deb
          Size/MD5 checksum:  9085792 1abfcd061af7cdb4e3cf8cd28b771865
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.26,"resources":[]},{"id":"88","title":"Should be more technical","votes":"16","type":"x","order":"2","pct":13.68,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.