Date: Tue, 6 Mar 2001 15:04:13 -0700
From: Linux Mandrake Security Team security@LINUX-MANDRAKE.COM
Subject: MDKSA-2001:026 - joe update
Linux-Mandrake Security Update Advisory
Package name: joe
Date: March 6th, 2001
Advisory ID: MDKSA-2001:026
Affected versions: 6.0, 6.1, 7.0, 7.1, 7.2, Corporate Server 1.0.1
The joe text editor looks for configuration files in the current
working directory, the user's home directory, and finally in
/etc/joe. A malicious user could create their own .joerc
configuration file and attempt to get other users to use it. If
this were to happen, the user could potentially execute malicious
commands with their own user ID and privileges. This update removes
joe's ability to use a .joerc configuration file in the current
Please verify the update prior to upgrading to ensure the
integrity of the downloaded package. You can do this with the
rpm --checksig package.rpm
You can get the GPG public key of the Linux-Mandrake Security Team
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.
Updated packages are available in the "updates/[ver]/RPMS/"
directory. For example, if you are looking for an updated RPM
package for Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/".
Updated source RPMs are available as well, but you generally do not
need to download them.
Please be aware that sometimes it takes the mirrors a few hours
to update, so if you want an immediate upgrade, please use one of
the two above-listed mirrors.
You can view other security advisories for Linux-Mandrake