Yellow Dog Linux Security Advisory: YDU-20030723-2

Terra Soft Security Team yellowdog-updates@lists.terrasoftsolutions.com
Wed, 23 Jul 2003 16:26:15 -0600 

Yellow Dog Linux Security Announcement
--------------------------------------

Package:	wl
Issue Date:	Jul 23,2003
Priority:	medium
Advisory ID: 	YDU-20030723-2


1. 	Topic:

	Updated wl packages are available.


2. 	Problem:
	
	"semi is a MIME library for GNU Emacs and XEmacs used by the wl mail 
package.

	A vulnerability in semi version 1.14.3 and earlier allows an attacker
	to overwrite arbitrary files with potentially arbitrary contents using the
	privileges of the user running Emacs and semi. The Common Vulnerabilities
	and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0440
	to this issue.

	Users of semi are advised to upgrade to these packages, which contain
	a backported patch correcting this issue."

	From Red Hat Advisory

	Semi is packaged as wl with yellowdog 3.0 .


3. 	Solution:

    	a) Updating via yum...
	We suggest that you use the yum program to keep your
         system up-to-date. The following command(s) will retrieve
	and install the fixed version of this update onto your system:

		yum update wl

	b) Updating manually...
	Download the updates below and then run the following rpm command.
    	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/wl-2.10.1-1.1.noarch.rpm
			ppc/wl-common-2.10.1-1.1.noarch.rpm
			ppc/wl-xemacs-2.10.1-1.1.noarch.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
fc672e14d3afa3289bc4350497b0065f  SRPMS/wl-2.10.1-1.1.src.rpm
db0b5b281c9b5beb24be43f3af990c71  wl-2.10.1-1.1.noarch.rpm
4e70dbd43e7135cadfd845790d4189e6  wl-common-2.10.1-1.1.noarch.rpm
ddb9b6d68734d9d45ea02ff46872e266  wl-xemacs-2.10.1-1.1.noarch.rpm


If you wish to verify that each package has not been corrupted or 
tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has setup a moderated mailing list where these security, 
bugfix, and package
enhancement announcements will be posted. See 
http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml