Date: Tue, 21 Nov 2000 15:38:51 -0600 From: Bryan Paxton <bpaxton@SECURITYPORTAL.COM> Subject: LSLID:2000112103 - Immunix - joe - IMNX-2000-70-007-01 To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM LSLID:2000112103 ----------------------------------------------------------------------- Immunix OS Security Advisory Packages updated: joe Effected products: Immunix OS 6.2, Immunix OS 7.0-beta Bugs Fixed: immunix/1293 Date: November 21, 2000 Advisory ID: IMNX-2000-70-007-01 Author: Greg Kroah-Hartman <greg@wirex.com> ----------------------------------------------------------------------- Description: A local root exploit is possible if the root user is running the joe editor. This problem was originally found by Patrik Birgersson of Wkit Security AB (see http://www.securityfocus.com/archive/1/145305 for more information.) This problem effects both Immunix 6.2 and 7.0 beta. Packages have been created and released for both versions. Package names and locations: Precompiled binary packages for Immunix 6.2 are available at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/joe-2.8-42.62_StackGu ard.i386.rpm Source packages for Immunix 6.2 are available at: http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/joe-2.8-42.62_StackG uard.src.rpm Precompiled binary packages for Immunix System 7 beta are available at: http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/RPMS/joe-2.8-43_Stack Guard.i386.rpm Source packages for Immunix 7.0 are available at: http://www.immunix.org:8080/ImmunixOS/7.0-beta/updates/SRPMS/joe-2.8-43_Stac kGuard.src.rpm md5sums of the packages: 218717db00d428575d87187e3434193d 6.2/updates/SRPMS/joe-2.8-42.62_StackGuard.src.rpm 8cc21d3c9e077aa16be381ce25f1c4b5 6.2/updates/RPMS/joe-2.8-42.62_StackGuard.i386.rpm 56831a982a06cdf37e5c358b2f41aa34 7.0-beta/updates/RPMS/joe-2.8-43_StackGuard.i386.rpm 13cde529ffe31325eb2d704ca66d06f1 7.0-beta/updates/SRPMS/joe-2.8-43_StackGuard.src.rpm