Slackware: emacs and gpm vulnerabilities

    Date25 Apr 2000
    CategorySlackware
    5841
    Posted ByLinuxSecurity Advisories
    Unauthorized access and other security vulnerabilities are present in emacs and gpm for Slackware 7.0 and slackware-current.
    There are two security updates available for Slackware 7.0 and 
    slackware-current. Affected packages are gpm.tgz and the E series (Emacs).
    Users are advised to upgrade these packages as soon as possible.
    
       ===================================
       gpm 1.19.2 AVAILABLE - (a1/gpm.tgz)
       ===================================
    
          gpm was upgraded to 1.19.2 to fix remaining security problems in the
          gpm-root daemon.
    
       =================================
       emacs 20.6 AVAILABLE - (e1/*.tgz)
       =================================
    
          The E series was upgraded to GNU emacs 20.6.  This upgraded the
          following packages:
    
             elisp.tgz
             emac_nox.tgz
             emacinfo.tgz
             emacleim.tgz
             emacmisc.tgz
             emacsbin.tgz
    
          The recent security patch posted to BugTraq by RUS-CERT, University
          of Stuttgart was applied before building the packages.  The holes
          fixed include:
    
             o   Under certain circumstances, unprivileged local users can
                 eavesdrop the communication between Emacs and its subprocesses.
    
             o   It is impossible to safely create temporary files in a public
                 directory from Emacs Lisp.
    
             o   The history of recently typed keys may expose passwords.
    
          The entire advisory (as well as the patch) can be read on
          ftp.slackware.com in:
             /pub/slackware/slackware-current/source/e/emacs-rus-cert.diff.gz
    
    Separate patches will not be produced for the /patches directory in the
    Slackware 7.0 distribution tree.  Users of Slackware 7.0 can download the
    necessary packages from the Slackware-current tree and run upgradepkg to
    install them.
    
    It's generally a good idea to bring your system into runlevel 1 when doing
    package upgrades, just to minimize error.
    
       # telinit 1
       # upgradepkg 
       # telinit 3
    
    Remember, it's also a good idea to backup configuration files before upgrading
    packages.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.