Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7

Advisory:	RHSA-2000:110-06
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-11-20
Last updated on:	2000-11-20
Affected Products:	Red Hat Linux 6.2 Red Hat Linux 7.0
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-1178

Details

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

When exiting joe in a nonstandard way (such as a system crash,
closing an xterm, or a network connection going down), joe will
unconditionally append its open buffers to the file "DEADJOE".

This could be exploited by the creation of DEADJOE symlinks in
directories where root would normally use joe. In this way,
joe could be used to append garbage to potentially-sensitive
files, resulting in a denial of service.

Users of Red Hat Linux 6.x and 5.2 should also note that joe's

configuration files have been moved from /usr/lib/joe to /etc/joe

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/joe-2.8-42.62.alpha.rpm Missing file	`c53a34db6539d412adc86493e17e9725`

i386:
ftp://updates.redhat.com/6.2/i386/joe-2.8-42.62.i386.rpm Missing file	`d6afd50052ee0f5354a7398849d6c5b5`

sparc:
ftp://updates.redhat.com/6.2/sparc/joe-2.8-42.62.sparc.rpm Missing file	`0b1e58283c4f4d4c41c55948b0117f80`

Red Hat Linux 7.0

i386:
ftp://updates.redhat.com/7.0/i386/joe-2.8-43.i386.rpm Missing file	`1578b0e184b76b23d2a30b101f1665d4`

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178
N/A

Keywords

vulnerability

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/