Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7
| Advisory: | RHSA-2000:110-06 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2000-11-20 |
| Last updated on: | 2000-11-20 |
| Affected Products: | Red Hat Linux 6.2 Red Hat Linux 7.0 Red Hat Linux Enterprise Edition |
| CVEs (cve.mitre.org): |
CVE-2000-1178 |
Details
Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.
When exiting joe in a nonstandard way (such as a system crash,
closing an xterm, or a network connection going down), joe will
unconditionally append its open buffers to the file "DEADJOE".
This could be exploited by the creation of DEADJOE symlinks in
directories where root would normally use joe. In this way,
joe could be used to append garbage to potentially-sensitive
files, resulting in a denial of service.
Users of Red Hat Linux 6.x and 5.2 should also note that joe's
configuration files have been moved from /usr/lib/joe to /etc/joe
Solution
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Red Hat Linux 6.2 | |
| Alpha: | |
| {filename} | MD5: c53a34db6539d412adc86493e17e9725 |
| IA-32: | |
| {filename} | MD5: d6afd50052ee0f5354a7398849d6c5b5 |
| Sparc: | |
| {filename} | MD5: 0b1e58283c4f4d4c41c55948b0117f80 |
| Red Hat Linux 7.0 | |
| IA-32: | |
| {filename} | MD5: 1578b0e184b76b23d2a30b101f1665d4 |
References
Keywords
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/