Yellow Dog Linux Security Advisory: YDU-20030723-2
Terra Soft Security Team
yellowdog-updates@lists.terrasoftsolutions.com
Wed, 23 Jul 2003 16:26:15 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: wl
Issue Date: Jul 23, 2003
Priority: medium
Advisory ID: YDU-20030723-2
1. Topic:
Updated wl packages are available.
2. Problem:
"semi is a MIME library for GNU Emacs and XEmacs used by the wl mail
package.
A vulnerability in semi version 1.14.3 and earlier allows an attacker
to overwrite arbitrary files with potentially arbitrary contents using the
privileges of the user running Emacs and semi. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0440
to this issue.
Users of semi are advised to upgrade to these packages, which contain
a backported patch correcting this issue."
From Red Hat Advisory
Semi is packaged as wl in Yellow Dog Linux 3.0.
3. Solution:
a) Updating via yum...
We suggest that you use the yum program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
yum update wl
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/wl-2.10.1-1.1.noarch.rpm
ppc/wl-common-2.10.1-1.1.noarch.rpm
ppc/wl-xemacs-2.10.1-1.1.noarch.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
fc672e14d3afa3289bc4350497b0065f SRPMS/wl-2.10.1-1.1.src.rpm
db0b5b281c9b5beb24be43f3af990c71 wl-2.10.1-1.1.noarch.rpm
4e70dbd43e7135cadfd845790d4189e6 wl-common-2.10.1-1.1.noarch.rpm
ddb9b6d68734d9d45ea02ff46872e266 wl-xemacs-2.10.1-1.1.noarch.rpm
If you wish to verify that each package has not been corrupted or
tampered with, examine the md5sum with the following command:
md5sum <filename>
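The check above, automated for all listed packages at once. This is an added example, not part of the advisory or any Terra Soft tooling; the helper name verify_manifest, its exit codes and the file name verify.sh are assumptions made here. It accepts the checksum table, or the saved advisory text itself, as its manifest.

```shell
#!/bin/sh
# Added example: check downloaded packages against an advisory checksum table.
# Input lines of the form "<32-hex-digit md5> <path/filename>" are used; the
# header, the ruler and any surrounding prose are skipped, so the saved
# advisory text itself can serve as the manifest.

# verify_manifest MANIFEST DIR   (hypothetical helper, not a Yellow Dog tool)
# Returns 0 if every listed file found in DIR matches,
#         1 if any file found in DIR has a different checksum,
#         2 if no listed file was found, i.e. nothing was actually verified.
verify_manifest() {
    manifest=$1; dir=$2; bad=0; checked=0
    while read -r want path rest || [ -n "$want" ]; do
        # Keep only lines whose first field is exactly 32 hex digits.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] && [ -n "$path" ] || continue
        # The table lists "SRPMS/x.src.rpm"; on disk the file is "x.src.rpm".
        # A saved e-mail may also carry CR line endings, so strip them.
        name=$(printf '%s' "${path##*/}" | tr -d '\r')
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not present in $dir)"
            continue
        fi
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # md5sum prints lowercase
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)"
            bad=1
        fi
    done < "$manifest"
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}

# Command-line use: sh verify.sh advisory.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```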
5. Misc.
Terra Soft has set up a moderated mailing list where these security,
bugfix, and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.
For information regarding the usage of yum, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml