Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in emacs
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in emacs
ID: RHSA-2005:110-01
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux
Datum: Mi, 16. Februar 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0100
Applikationen: Emacs

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: emacs security update
Advisory ID: RHSA-2005:110-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-110.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100
---------------------------------------------------------------------

1. Summary:

Updated Emacs packages that fix a string format issue are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs. If a user connects to a malicious POP server,
an attacker can execute arbitrary code as the user running emacs. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146702 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm

ppc:
aa1df458e29f1fc3a9c5683cc63569db emacs-21.3-19.EL.1.ppc.rpm
cf1c15b8b68fea1700873af27a6224fb emacs-common-21.3-19.EL.1.ppc.rpm
b329aa4d9525c604cecec7cd8dd51a6e emacs-el-21.3-19.EL.1.ppc.rpm
cc8d208922f5008ab6804b6a9e63a614 emacs-leim-21.3-19.EL.1.ppc.rpm
9bccad4563f257e4163fea463e36eb82 emacs-nox-21.3-19.EL.1.ppc.rpm

s390:
d88c1758f21c4220c3df0711343908f0 emacs-21.3-19.EL.1.s390.rpm
ca6a5718a17bdd4bb8658d120f09cc83 emacs-common-21.3-19.EL.1.s390.rpm
82525d517fb1e6b2ece6c6358c06c816 emacs-el-21.3-19.EL.1.s390.rpm
a396774e36429c5ebd427b737903f687 emacs-leim-21.3-19.EL.1.s390.rpm
8462339636d4c473187c91df847a0819 emacs-nox-21.3-19.EL.1.s390.rpm

s390x:
12a3ccc10b35c10326bc6bb5f0debc0b emacs-21.3-19.EL.1.s390x.rpm
3cae3da5240a0f9b58917ebcdccc96b1 emacs-common-21.3-19.EL.1.s390x.rpm
e5ecc6b2391f279dbf5e277d294496a9 emacs-el-21.3-19.EL.1.s390x.rpm
3c03be453391e596378a3ae06b537dc6 emacs-leim-21.3-19.EL.1.s390x.rpm
9d03750e15609eb23e5c782ceeb39d7d emacs-nox-21.3-19.EL.1.s390x.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc6QXlSAg2UNWIIRAk+hAKC0zl4FAY1FFiCMhxGRFUfS8eqAMACgq8qB
caZgivwMOk/QOA2WKsCtZwM=
=WgpV
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung