Red Hat 9042 Published by

New xemacs packages has been released for Red Hat Enterprise Linux 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: xemacs security update
Advisory ID: RHSA-2005:133-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-133.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100
----------------------------------------------------------------------

1. Summary:

Updated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

XEmacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue.

Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146706 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm
3578571b8fbfa877446ff2bf2aba4d33 xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438 xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73 xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6 xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a xemacs-nox-21.4.15-10.EL.1.ia64.rpm

ppc:
604b838be1c70f78a069838aedd3583f xemacs-21.4.15-10.EL.1.ppc.rpm
19ca8f80d9150c61a4e4532003caa40a xemacs-common-21.4.15-10.EL.1.ppc.rpm
98623c7463fa2f35562a7bac89f24a59 xemacs-el-21.4.15-10.EL.1.ppc.rpm
659cf3c867f3c1089936c0eae8646995 xemacs-info-21.4.15-10.EL.1.ppc.rpm
ce04905c75b1c1b4e250ec64b646c088 xemacs-nox-21.4.15-10.EL.1.ppc.rpm

s390:
67c1e30c3da90c9f929a0454cda90480 xemacs-21.4.15-10.EL.1.s390.rpm
87f1b473112c1417e3e5005898aeaba7 xemacs-common-21.4.15-10.EL.1.s390.rpm
62b74ac3cc227f94c7385616e6e98bb9 xemacs-el-21.4.15-10.EL.1.s390.rpm
931788a7c98b15bf3971f512e74f6c9a xemacs-info-21.4.15-10.EL.1.s390.rpm
1c4fc34a77f266dd46036f28f2355552 xemacs-nox-21.4.15-10.EL.1.s390.rpm

s390x:
43e7f05b16a56833fba58286f84aff3a xemacs-21.4.15-10.EL.1.s390x.rpm
9d5ab2fcf69ede7e50beca7d057c364e xemacs-common-21.4.15-10.EL.1.s390x.rpm
705516d8db6bfae82a7c600db243a55e xemacs-el-21.4.15-10.EL.1.s390x.rpm
0d10cc5bb25fcf0e7f8a135c5d59dfb9 xemacs-info-21.4.15-10.EL.1.s390x.rpm
0f2a83207bd62d69ad51e35c8ba7713a xemacs-nox-21.4.15-10.EL.1.s390x.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804 xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2 xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm
3578571b8fbfa877446ff2bf2aba4d33 xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d xemacs-nox-21.4.15-10.EL.1.i386.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804 xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2 xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm
3578571b8fbfa877446ff2bf2aba4d33 xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438 xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73 xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6 xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a xemacs-nox-21.4.15-10.EL.1.ia64.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804 xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2 xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm
3578571b8fbfa877446ff2bf2aba4d33 xemacs-21.4.15-10.EL.1.src.rpm

i386:
32769fed540b952fa0b13099656c99df xemacs-21.4.15-10.EL.1.i386.rpm
7ea9196d920a918309f882b4ec36daff xemacs-common-21.4.15-10.EL.1.i386.rpm
28a03178e6cda6a0f9ae41a63cf604ce xemacs-el-21.4.15-10.EL.1.i386.rpm
7edc52f8b80c8c108bc8144736a758be xemacs-info-21.4.15-10.EL.1.i386.rpm
7adf376bc1a202d1509c39e17b6ca47d xemacs-nox-21.4.15-10.EL.1.i386.rpm

ia64:
5da6d5f42eaf911e2d3531dd6bb3a438 xemacs-21.4.15-10.EL.1.ia64.rpm
0d62c335e2dd1f2b97f6d7700882ce73 xemacs-common-21.4.15-10.EL.1.ia64.rpm
6a55af1abbe00a4ff5fc8bea3f8f362b xemacs-el-21.4.15-10.EL.1.ia64.rpm
b014369cff4e33efb41d2e1926f1ebe6 xemacs-info-21.4.15-10.EL.1.ia64.rpm
170a29a6e539d290a8a1e0a4aa04f80a xemacs-nox-21.4.15-10.EL.1.ia64.rpm

x86_64:
60675f3441482c33d304cb6ba1c055fc xemacs-21.4.15-10.EL.1.x86_64.rpm
625de01c2f5f6385597ce95fb636a88b xemacs-common-21.4.15-10.EL.1.x86_64.rpm
3dcd4dabcf9e7967ff381f74f8a55804 xemacs-el-21.4.15-10.EL.1.x86_64.rpm
2b0b2d67309d87609dd1d3e7d0cd457f xemacs-info-21.4.15-10.EL.1.x86_64.rpm
2ba03342b10f3002db64e4247eab39e2 xemacs-nox-21.4.15-10.EL.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.