Security Advisory Updated semi packages fix vulnerability

Advisory: RHSA-2003:234-11
Type: Security Advisory
Severity: N/A
Issued on: 2003-07-23
Last updated on: 2003-07-23
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.1 for iSeries
Red Hat Linux 7.1 for pSeries
Red Hat Linux 7.1 for zSeries
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0440

Details

Updated semi packages that fix vulnerabilities in semi's temporary file
handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.

semi is a MIME library for GNU Emacs and XEmacs used by the wl mail package.

A vulnerability in semi version 1.14.3 and earlier allows an attacker
to overwrite arbitrary files with potentially arbitrary contents using the
privileges of the user running Emacs and semi. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0440
to this issue.

Users of semi are advised to upgrade to these packages, which contain
a backported patch correcting this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 7.1
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/semi-1.13.7-10.src.rpm
Missing file		     442949226f8868df1a9350d8cc4cd1d6
 
Alpha:
ftp://updates.redhat.com/7.1/en/os/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
IA-32:
ftp://updates.redhat.com/7.1/en/os/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
IA-64:
ftp://updates.redhat.com/7.1/en/os/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
Red Hat Linux 7.1 for iSeries
SRPMS:
ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/semi-1.13.7-10.src.rpm
Missing file		     442949226f8868df1a9350d8cc4cd1d6
 
iSeries:
ftp://updates.redhat.com/7.1/en/os/iSeries/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
Red Hat Linux 7.1 for pSeries
SRPMS:
ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/semi-1.13.7-10.src.rpm
Missing file		     442949226f8868df1a9350d8cc4cd1d6
 
pSeries:
ftp://updates.redhat.com/7.1/en/os/pSeries/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
Red Hat Linux 7.1 for zSeries
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/semi-1.13.7-10.src.rpm
Missing file		     442949226f8868df1a9350d8cc4cd1d6
 
s390x:
ftp://updates.redhat.com/7.1/en/os/noarch/semi-1.13.7-10.noarch.rpm
Missing file		     e042ec88e785f8b376b454cdfd192707
 
Red Hat Linux 7.2
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/semi-1.14.3-8.72.src.rpm
Missing file		     da8628629ed020b2bc9e06abf1524af3
 
IA-32:
ftp://updates.redhat.com/7.2/en/os/noarch/semi-1.14.3-8.72.noarch.rpm
Missing file		     c1e66bb252d95a81f63b0098ecdb5f83
ftp://updates.redhat.com/7.2/en/os/noarch/semi-xemacs-1.14.3-8.72.noarch.rpm
Missing file		     7653ba36b625f4f786e39573be802dfa
 
IA-64:
ftp://updates.redhat.com/7.2/en/os/noarch/semi-1.14.3-8.72.noarch.rpm
Missing file		     c1e66bb252d95a81f63b0098ecdb5f83
ftp://updates.redhat.com/7.2/en/os/noarch/semi-xemacs-1.14.3-8.72.noarch.rpm
Missing file		     7653ba36b625f4f786e39573be802dfa
 
s390:
ftp://updates.redhat.com/7.2/en/os/noarch/semi-1.14.3-8.72.noarch.rpm
Missing file		     c1e66bb252d95a81f63b0098ecdb5f83
ftp://updates.redhat.com/7.2/en/os/noarch/semi-xemacs-1.14.3-8.72.noarch.rpm
Missing file		     7653ba36b625f4f786e39573be802dfa
 
Red Hat Linux 7.3
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/semi-1.14.3-15.src.rpm
Missing file		     729f691aea3136030a34ebd1eadb9c23
 
IA-32:
ftp://updates.redhat.com/7.3/en/os/noarch/semi-1.14.3-15.noarch.rpm
Missing file		     3c28749f6c99fc6d50f79fead6b8187b
ftp://updates.redhat.com/7.3/en/os/noarch/semi-xemacs-1.14.3-15.noarch.rpm
Missing file		     b95c368e446ceda1e96a7ea747944cf5
 
Red Hat Linux 8.0
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/wl-2.8.1-9.src.rpm
Missing file		     f085d6869ce59765fa72da26cec6b1f2
 
IA-32:
ftp://updates.redhat.com/8.0/en/os/noarch/wl-2.8.1-9.noarch.rpm
Missing file		     84834aecf01ec7f0d7ce3ce9be830f64
ftp://updates.redhat.com/8.0/en/os/noarch/wl-common-2.8.1-9.noarch.rpm
Missing file		     8e6719831cb4f5a68c92f497a61a414c
ftp://updates.redhat.com/8.0/en/os/noarch/wl-xemacs-2.8.1-9.noarch.rpm
Missing file		     6ff8d828af3407e6e7000f2b8d787f82
 
Red Hat Linux 9
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/wl-2.10.1-1.1.src.rpm
Missing file		     3f2c94d3cc527ec7e54532931eb524b3
 
IA-32:
ftp://updates.redhat.com/9/en/os/noarch/wl-2.10.1-1.1.noarch.rpm
Missing file		     b9fe8fb05a04fffa558a7e656746e603
ftp://updates.redhat.com/9/en/os/noarch/wl-common-2.10.1-1.1.noarch.rpm
Missing file		     d1f67f532368aba67910fb4ce7f7042d
ftp://updates.redhat.com/9/en/os/noarch/wl-xemacs-2.10.1-1.1.noarch.rpm
Missing file		     7122676e3a598eb8bb003e9d6c1ac3b6
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0440
http://www.debian.org/security/2003/dsa-339

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/