Immunix OS Security update for joe

From: Greg KH (greg@WIREX.COM)
Date: Tue Mar 06 2001 - 21:08:34 CET

    -----------------------------------------------------------------------
            Immunix OS Security Advisory

    Packages updated: joe
    Affected products: Immunix OS 6.2 and 7.0-beta
    Bugs Fixed: immunix/1329
    Date: March 6, 2001
    Advisory ID: IMNX-2001-70-005-01
    Author: Greg Kroah-Hartman <greg@wirex.com>
    -----------------------------------------------------------------------

    Description:
      The version of joe shipped in Immunix OS 6.2 and 7.0-beta looks for a
      configuration file in the current working directory, the user's home
      directory and in /etc/joe. A malicious user could create their own
      .joerc configuration file and try to get other users to use it. If
      this happens, the victim would run the malicious user's commands with
      the victim's own user id and privileges. This problem was originally
      reported by WKIT Security AB and more information on it can be found at
      http://www.wkit.com/content/eng/advisories/wsir0202.txt
      
      Immunix 7.0 does not install the joe package by default but provides
      it in the extras/unsupported directory so it is not vulnerable unless
      the joe package has been installed manually by the system
      administrator.
      
      Packages have been created and released that fix this problem.

    Package names and locations:

      Precompiled binary package for Immunix 6.2 is available at:
        http://immunix.org/ImmunixOS/6.2/updates/RPMS/joe-2.8-43.62_StackGuard.i386.rpm
      
      Source package for Immunix 6.2 is available at:
        http://immunix.org/ImmunixOS/6.2/updates/SRPMS/joe-2.8-43.62_StackGuard.src.rpm

      Precompiled binary package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/RPMS/joe-2.8-43.7_imnx.i386.rpm
      
      Source package for Immunix 7.0-beta and 7.0 is available at:
        http://immunix.org/ImmunixOS/7.0/updates/SRPMS/joe-2.8-43.7_imnx.src.rpm

    md5sums of the packages:
      af4179632fec1a6bf165f3c36323d1ec joe-2.8-43.62_StackGuard.i386.rpm
      70a5925864e02b8ac3118d20aec97d7f joe-2.8-43.62_StackGuard.src.rpm
      ae0d34096476456ac3df90358d9b7723 joe-2.8-43.7_imnx.i386.rpm
      5ca9476b3284b9d559dd786ea0c43dca joe-2.8-43.7_imnx.src.rpm

    Online version of all Immunix 6.2 updates and advisories:
      http://immunix.org/ImmunixOS/6.2/updates/

    Online version of all Immunix 7.0-beta updates and advisories:
      http://immunix.org/ImmunixOS/7.0-beta/updates/

    Online version of all Immunix 7.0 updates and advisories:
      http://immunix.org/ImmunixOS/7.0/updates/

    NOTE:
      Ibiblio is graciously mirroring our updates, so if the links above are
      slow, please try:
        ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
      or one of the many mirrors available at:
        http://www.ibiblio.org/pub/Linux/MIRRORS.html
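
A defender-side check for the configuration search path described in the advisory, as an added example that is not part of the original message or of the Immunix fix: the shell function below scans a directory tree for `.joerc` files that an unpatched joe would load from the current working directory and reports those the invoking user has no reason to trust. The function name `audit_joerc`, its arguments and the reason labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): list .joerc files that an unpatched
# joe would pick up from the current working directory and that the invoking
# user has no reason to trust.
#
# Usage: audit_joerc ROOT [TRUSTED_UID]
#   ROOT         directory tree to scan
#   TRUSTED_UID  numeric uid whose files are trusted (default: caller's uid)
# Output: one line per suspicious file, "<path>: <reasons>"

audit_joerc() {
    root=$1
    trusted_uid=${2:-$(id -u)}

    find "$root" -type f -name .joerc 2>/dev/null |
    while IFS= read -r rc; do
        reasons=""
        dir=$(dirname "$rc")

        # The file was created by an account other than the trusted one.
        if [ -n "$(find "$rc" -prune ! -user "$trusted_uid")" ]; then
            reasons="$reasons foreign-owner"
        fi
        # Group or other accounts can rewrite the file's contents.
        if [ -n "$(find "$rc" -prune \( -perm -020 -o -perm -002 \))" ]; then
            reasons="$reasons writable-by-others"
        fi
        # The directory is group- or world-writable, so the file can be
        # planted or swapped there by other accounts.
        if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
            reasons="$reasons shared-dir"
        fi

        if [ -n "$reasons" ]; then
            printf '%s:%s\n' "$rc" "$reasons"
        fi
    done
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joerc "$@"
fi
```

Any hit under a shared working area such as a project or temporary directory is worth reviewing before joe is started there; installing the updated packages removes the underlying exposure.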




