---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: New emacs packages available
Advisory ID: RHSA-2000:036-01
Issue date: 2000-06-15
Updated on: 2000-06-15
Product: Red Hat Linux
Keywords: emacs vulnerability
Cross references: N/A
---------------------------------------------------------------------
1. Topic:
With emacs < 20.7, unprivileged local users can eavesdrop the communication
between Emacs and its subprocesses.
2. Relevant releases/architectures:
Red Hat Linux 6.0 - i386 alpha sparc
Red Hat Linux 6.1 - i386 alpha sparc
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
With emacs < 20.7, unprivileged local users can eavesdrop the communication
between Emacs and its subprocesses.
This release also fix many minor problems.
The problem also exists for Red Hat 5.x. Unfortunately, the fixes require UNIX98
PTYs. This is only available on Red Hat 6.x and higher. If this problem concerns
you, an upgrade is recommended.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
11335 - emacs-nox built with X11 locale
10948 - emacs-nox does not accept pasted data
10798 - Emacs shell-script mode doesn''t know about bash2
9895 - Nit: png file marked as conf file.
6. RPMs required:
Red Hat Linux 6.2:
intel:
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-el-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-X11-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-leim-20.7-1.i386.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/i386/emacs-nox-20.7-1.i386.rpm
alpha:
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-el-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-X11-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-leim-20.7-1.alpha.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/alpha/emacs-nox-20.7-1.alpha.rpm
sparc:
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-el-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-X11-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-leim-20.7-1.sparc.rpm
ftp://ftp.redhat.com/redhat/updates/6.2/sparc/emacs-nox-20.7-1.sparc.rpm
sources:
ftp://ftp.redhat.com/redhat/updates/6.2/SRPMS/emacs-20.7-1.src.rpm
7. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
4338ef85b6f9c374879eeee77ae0eee9 6.2/SRPMS/emacs-20.7-1.src.rpm
9fbdc8b24f30bc0784a75b5d169df0c7 6.2/alpha/emacs-20.7-1.alpha.rpm
c008af143f571ae71d4f5415bd82968d 6.2/alpha/emacs-X11-20.7-1.alpha.rpm
718587a7b03c7b216d8c7825bedf1a0f 6.2/alpha/emacs-el-20.7-1.alpha.rpm
12add74edfdbb60bbf62db1a6fd8f89e 6.2/alpha/emacs-leim-20.7-1.alpha.rpm
1fa10098c9e56296d8d10a8e198b6e12 6.2/alpha/emacs-nox-20.7-1.alpha.rpm
e51141f6c521cf8009cc94669e00dc3f 6.2/i386/emacs-20.7-1.i386.rpm
7e2254b2c46deeb6a1ee8840cd4b2c2a 6.2/i386/emacs-X11-20.7-1.i386.rpm
27ef1a3ba0d97968ccca79d5421b8a1b 6.2/i386/emacs-el-20.7-1.i386.rpm
9057e85bf9cfd24057d0bdc8f16164ad 6.2/i386/emacs-leim-20.7-1.i386.rpm
19a8145b213dbcb54a3d8bad1fadcda0 6.2/i386/emacs-nox-20.7-1.i386.rpm
b4d69bb3e1ca46e2e164b2c342e7e615 6.2/sparc/emacs-20.7-1.sparc.rpm
2fc732546034395a8921fd2541f49fa1 6.2/sparc/emacs-X11-20.7-1.sparc.rpm
10e8880bf285287f328cf28888e0dcf1 6.2/sparc/emacs-el-20.7-1.sparc.rpm
0cc9c30a1bb74774913603def608fc55 6.2/sparc/emacs-leim-20.7-1.sparc.rpm
a6ae2d4b6afcb0022d59183b12472361 6.2/sparc/emacs-nox-20.7-1.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
8. References:
http://www.securityfocus.com/bid/1125
