- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Important: emacs security update
Advisory ID:       RHSA-2005:110-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:110.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0100
- ---------------------------------------------------------------------1. Summary:

Updated Emacs packages that fix a string format issue are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs.  If a user connects to a malicious POP server,
an attacker can execute arbitrary code as the user running emacs.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146702 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

ppc:
aa1df458e29f1fc3a9c5683cc63569db  emacs-21.3-19.EL.1.ppc.rpm
cf1c15b8b68fea1700873af27a6224fb  emacs-common-21.3-19.EL.1.ppc.rpm
b329aa4d9525c604cecec7cd8dd51a6e  emacs-el-21.3-19.EL.1.ppc.rpm
cc8d208922f5008ab6804b6a9e63a614  emacs-leim-21.3-19.EL.1.ppc.rpm
9bccad4563f257e4163fea463e36eb82  emacs-nox-21.3-19.EL.1.ppc.rpm

s390:
d88c1758f21c4220c3df0711343908f0  emacs-21.3-19.EL.1.s390.rpm
ca6a5718a17bdd4bb8658d120f09cc83  emacs-common-21.3-19.EL.1.s390.rpm
82525d517fb1e6b2ece6c6358c06c816  emacs-el-21.3-19.EL.1.s390.rpm
a396774e36429c5ebd427b737903f687  emacs-leim-21.3-19.EL.1.s390.rpm
8462339636d4c473187c91df847a0819  emacs-nox-21.3-19.EL.1.s390.rpm

s390x:
12a3ccc10b35c10326bc6bb5f0debc0b  emacs-21.3-19.EL.1.s390x.rpm
3cae3da5240a0f9b58917ebcdccc96b1  emacs-common-21.3-19.EL.1.s390x.rpm
e5ecc6b2391f279dbf5e277d294496a9  emacs-el-21.3-19.EL.1.s390x.rpm
3c03be453391e596378a3ae06b537dc6  emacs-leim-21.3-19.EL.1.s390x.rpm
9d03750e15609eb23e5c782ceeb39d7d  emacs-nox-21.3-19.EL.1.s390x.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
0308af5b40cbfa7da72179f9eba9d0a6  emacs-21.3-19.EL.1.src.rpm

i386:
e14739371b9e77a4a378bfe8482bae68  emacs-21.3-19.EL.1.i386.rpm
4e54441289c467b48a030aae49b5b11d  emacs-common-21.3-19.EL.1.i386.rpm
e87076de3bf4ad67983466f6fc381b9f  emacs-el-21.3-19.EL.1.i386.rpm
5f239b2f9044b4bb06356973bce0fbf7  emacs-leim-21.3-19.EL.1.i386.rpm
7bb7fd34f5c089056a9cb828d8a08f22  emacs-nox-21.3-19.EL.1.i386.rpm

ia64:
107b4db24feb6f15baf646bd3b216abf  emacs-21.3-19.EL.1.ia64.rpm
ac6fbbd121e3a1e4b77873752508036c  emacs-common-21.3-19.EL.1.ia64.rpm
e43232ea8746ca44d11005038bdba491  emacs-el-21.3-19.EL.1.ia64.rpm
3e56b6f8f4e8018780be9aae9505bb21  emacs-leim-21.3-19.EL.1.ia64.rpm
a607f49467d0ac4b843bee6976465aa0  emacs-nox-21.3-19.EL.1.ia64.rpm

x86_64:
533c8768fa5fb1e70b11544eb1b9d4a5  emacs-21.3-19.EL.1.x86_64.rpm
76dba36b790c49ce2b8b3d336260cd11  emacs-common-21.3-19.EL.1.x86_64.rpm
9b93ee334811512c29792c8418f85cb6  emacs-el-21.3-19.EL.1.x86_64.rpm
938772be956ff93dbd1dc9e1a4182a22  emacs-leim-21.3-19.EL.1.x86_64.rpm
39f97ade0ab062a36f5e5dce43e134ab  emacs-nox-21.3-19.EL.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Important: emacs security update

Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red ...

Summary



Summary

Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue. Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
146702 - CAN-2005-0100 Arbitrary code execution in *emacs*
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm
i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm
ia64: 107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm 3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm
ppc: aa1df458e29f1fc3a9c5683cc63569db emacs-21.3-19.EL.1.ppc.rpm cf1c15b8b68fea1700873af27a6224fb emacs-common-21.3-19.EL.1.ppc.rpm b329aa4d9525c604cecec7cd8dd51a6e emacs-el-21.3-19.EL.1.ppc.rpm cc8d208922f5008ab6804b6a9e63a614 emacs-leim-21.3-19.EL.1.ppc.rpm 9bccad4563f257e4163fea463e36eb82 emacs-nox-21.3-19.EL.1.ppc.rpm
s390: d88c1758f21c4220c3df0711343908f0 emacs-21.3-19.EL.1.s390.rpm ca6a5718a17bdd4bb8658d120f09cc83 emacs-common-21.3-19.EL.1.s390.rpm 82525d517fb1e6b2ece6c6358c06c816 emacs-el-21.3-19.EL.1.s390.rpm a396774e36429c5ebd427b737903f687 emacs-leim-21.3-19.EL.1.s390.rpm 8462339636d4c473187c91df847a0819 emacs-nox-21.3-19.EL.1.s390.rpm
s390x: 12a3ccc10b35c10326bc6bb5f0debc0b emacs-21.3-19.EL.1.s390x.rpm 3cae3da5240a0f9b58917ebcdccc96b1 emacs-common-21.3-19.EL.1.s390x.rpm e5ecc6b2391f279dbf5e277d294496a9 emacs-el-21.3-19.EL.1.s390x.rpm 3c03be453391e596378a3ae06b537dc6 emacs-leim-21.3-19.EL.1.s390x.rpm 9d03750e15609eb23e5c782ceeb39d7d emacs-nox-21.3-19.EL.1.s390x.rpm
x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm
i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm
x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm
i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm
ia64: 107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm 3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm
x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm
i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm
ia64: 107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm 3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm
x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

Package List


Severity
Advisory ID: RHSA-2005:110-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:110.html
Issued Date: : 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100 Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved