|
| Current Newswire:
Debian Security Advisory: joe local attack via joercMar 09, 2001, 07:16 (0 Talkback[s])(Other stories by Wichert Akkerman) Date: Fri, 9 Mar 2001 03:10:07 +0100 Debian Security Advisory DSA-041-1 security@debian.org http://www.debian.org/security/ Wichert Akkerman March 9, 2001 Package : joe Problem type : local exploit Debian-specific: noChrister Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor). joe will look for a configuration file in three locations: the current directory, the users homedirectory ($HOME) and in /etc/joe. Since the configuration file can define commands joe will run (for example to check spelling) reading it from the current directory can be dangerous: an attacker can leave a .joerc file in a writable directory, which would be read when a unsuspecting user starts joe in that directory. This has been fixed in version 2.8-15.3 and we recommend that you upgrade your joe package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: Alpha architecture: ARM architecture: Intel ia32 architecture: Motorola 680x0 architecture: PowerPC architecture: Sun Sparc architecture: These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon. For not yet released architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . For apt-get: deb http://security.debian.org/
stable/updates main
|
