Package : emacs20
Vulnerability : format string
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0100
Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs, the well-known editor. When movemail
connects to a malicious POP server, an attacker can execute arbitrary
code with the privileges of group mail.
For the stable distribution (woody) these problems have been fixed in
version 20.7-13.3.
The unstable distribution (sid) does not contain an Emacs20 package
anymore.
We recommend that you upgrade your emacs packages.
Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Product : Fedora Core 3
Name : postgresql
Version : 7.4.7
Release : 1.FC3.2
Summary : PostgreSQL client programs and libraries.
Description :
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions).
Mon Feb 07 2005 Tom Lane <tgl@redhat.com> 7.4.7-1.FC3.2
Put regression tests under /usr/lib64 on 64-bit archs, since .so files
are not architecture-independent.
Mon Feb 07 2005 Tom Lane <tgl@redhat.com> 7.4.7-1.FC3.1
Update to PostgreSQL 7.4.7 (fixes CAN-2005-0227 and other issues).
Update to PyGreSQL 3.6.1.
Add versionless symlinks to jar files (bz#145744)
Add restorecon to postgresql.init in order to restore database to correct
SELinux context.
Product : Fedora Core 2
Name : postgresql
Version : 7.4.7
Release : 1.FC2.2
Summary : PostgreSQL client programs and libraries.
Description :
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions).
Mon Feb 07 2005 Tom Lane <tgl@redhat.com> 7.4.7-1.FC2.2
Put regression tests under /usr/lib64 on 64-bit archs, since .so files
are not architecture-independent.
Mon Feb 07 2005 Tom Lane <tgl@redhat.com> 7.4.7-1.FC2.1
Update to PostgreSQL 7.4.7 (fixes CAN-2005-0227 and other issues).
Product : Fedora Core 2
Name : cups
Version : 1.1.20
Release : 11.11
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
Update Information:
A problem with PDF handling was discovered by Chris Evans, and has
been fixed. The Common Vulnerabilities and Exposures project
(www.mitre.org) has assigned the name CAN-2004-0888 to this issue.
FEDORA-2004-337 attempted to correct this but the patch was incomplete.
Mon Feb 07 2005 Tim Waugh <twaugh@redhat.com> 1:1.1.20-11.11
Apply patch to fix remainder of CAN-2004-0888 (bug #135378).
Product : Fedora Core 3
Name : cups
Version : 1.1.22
Release : 0.rc1.8.5
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
Update Information:
A problem with PDF handling was discovered by Chris Evans, and has
been fixed. The Common Vulnerabilities and Exposures project
(www.mitre.org) has assigned the name CAN-2004-0888 to this issue.
FEDORA-2004-337 attempted to correct this but the patch was incomplete.
Mon Feb 07 2005 Tim Waugh <twaugh@redhat.com> 1:1.1.22-0.rc1.8.5
Apply patch to fix remainder of CAN-2004-0888 (bug #135378).
PostgreSQL's LOAD extension is vulnerable to a local privilege
escalation discovered by John Heasman. A local user can load any shared
library, but the initialization function will then be executed with the
permissions of the PostgreSQL server.
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
Multiple vulnerabilities, including buffer overflows, out of bounds
memory access and directory traversals, have been discovered in libXpm,
which is shipped as a part of the X Window System. LessTif, an
application that includes libXpm, suffers from the same issues.
A carefully-crafted XPM file could crash applications making use of the
LessTif toolkit, potentially allowing the execution of arbitrary code
with the privileges of the user running the application.