
Debian Security Advisory: New XEmacs and gnuserv packages available

Written By
Web Webster
Mar 9, 2001

Date: Fri, 9 Mar 2001 09:51:24 +0100
From: Martin Schulze <joey@finlandia.infodrom.north.de>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] [DSA 042-1] New XEmacs and gnuserv packages available


Debian Security Advisory DSA-042-1                                      security@debian.org
http://www.debian.org/security/                                   Martin Schulze 
March 8, 2001


Packages       : gnuserv, xemacs21
Vulnerability  : buffer overflow and weak security
Type           : remote vulnerability
Debian-specific: no
Fixed version  : gnuserv 2.1alpha-5.1 (potato) and 2.1alpha-5.1.1 (unstable)
                 xemacs 21.1.10-5 (potato) and xemacs 21.1.14-1 (unstable)

Klaus Frank has found a vulnerability in the way gnuserv handled
remote connections. Gnuserv is a remote control facility for
Emacsen which is available as a standalone program as well as
included in XEmacs21. Gnuserv has a buffer for which insufficient
boundary checks were made. Unfortunately this buffer affected
access control to gnuserv which is using a MIT-MAGIC-COOKIE based
system. It is possible to overflow the buffer containing the cookie
and foozle cookie comparison.

Gnuserv was derived from emacsserver which is part of GNU Emacs.
It was reworked completely and not much is left over from
its time as part of GNU Emacs. Therefore the versions of
emacsserver in both Emacs19 and Emacs20 don’t look vulnerable to
this bug; they don’t even provide a MIT-MAGIC-COOKIE based
mechanism.

This could lead to a remote user issuing commands under the UID
of the person running gnuserv.

We recommend you upgrade your xemacs21 and gnuserv packages
immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato


Potato was released for the alpha, arm, i386, m68k, powerpc and
sparc architectures.

Source archives:

http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.diff.gz

MD5 checksum: 322ac99415fc18dff4fba89b7e9d33e2

http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.dsc

MD5 checksum: 1c32ce9a3b447a632405ff2fbf22e068

http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha.orig.tar.gz

MD5 checksum: 00295f97203b334c1e0866938a3ced2c

http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.diff.gz

MD5 checksum: 73e8ebc9a0c3cb0dfaeb77a9b29c3d15

http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.dsc

MD5 checksum: 9561ccc3dc9fa693f18d32899d7ea7fa

http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10.orig.tar.gz

MD5 checksum: f0d81a84f002bb7c055a0e821244bbbf

Architecture independent:

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-support_21.1.10-5_all.deb

MD5 checksum: 32e7d8ba231c46c81bf833407826de18

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-supportel_21.1.10-5_all.deb

MD5 checksum: 8aeb8891623ea08695acfe20c0e1bc59

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21_21.1.10-5_all.deb

MD5 checksum: 3fd6e13ada6764e2d9022f7abd891d29

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/main/binary-i386/gnuserv_2.1alpha-5.1_i386.deb

MD5 checksum: 8ca49d40223b7957ceaa120c0389c452

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-bin_21.1.10-5_i386.deb

MD5 checksum: 49c3e9d6d458bcf872c8fdc9c5190d87

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule-canna-wnn_21.1.10-5_i386.deb

MD5 checksum: b5aa1fe986c19ca6de87fb8a9a0d54a9

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule_21.1.10-5_i386.deb

MD5 checksum: 7704f26ef1feba21b9efe6eeaa219188

http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-nomule_21.1.10-5_i386.deb

MD5 checksum: 908c624bdd867a503cdc11ca8a01b6d8

Motorola 680x0 architecture:

http://security.debian.org/dists/stable/updates/main/binary-m68k/gnuserv_2.1alpha-5.1_m68k.deb

MD5 checksum: 0b75ebde7771cf528991ce628bf32237

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/main/binary-sparc/gnuserv_2.1alpha-5.1_sparc.deb

MD5 checksum: dff7d55ef771e9473d3c74727082b608

http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-bin_21.1.10-5_sparc.deb

MD5 checksum: 69c0d27b079247d30e35807926d20dd2

http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule-canna-wnn_21.1.10-5_sparc.deb

MD5 checksum: d402e35fde19d61ceb3bafe11a28fa16

http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule_21.1.10-5_sparc.deb

MD5 checksum: 7865e5f17dc9dca1121935c95c6eae99

http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-nomule_21.1.10-5_sparc.deb

MD5 checksum: 5fed990482ab774d27d32ca4b7308797

Alpha architecture:

http://security.debian.org/dists/stable/updates/main/binary-alpha/gnuserv_2.1alpha-5.1_alpha.deb

MD5 checksum: c0c2769f62b22c8f24eed97bc47b350a

http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-bin_21.1.10-5_alpha.deb

MD5 checksum: 5b0bae2e1046d8fd1ffc2084a3fe2047

http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule-canna-wnn_21.1.10-5_alpha.deb

MD5 checksum: 1f1761b6d4f959f8816b50e6c2e1a611

http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule_21.1.10-5_alpha.deb

MD5 checksum: 3066ed7a509e790854b953f99c753b5f

http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-nomule_21.1.10-5_alpha.deb

MD5 checksum: 7b86887ccd3879ec6717395873a3b52c

PowerPC architecture:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnuserv_2.1alpha-5.1_powerpc.deb

MD5 checksum: 128ba2bdd4f6b231af2275c919c9bbae

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-bin_21.1.10-5_powerpc.deb

MD5 checksum: 1967a6162b77f32bf58f528990972f33

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule-canna-wnn_21.1.10-5_powerpc.deb

MD5 checksum: 51867ec12d1d08af8e212f722c3a9b9f

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule_21.1.10-5_powerpc.deb

MD5 checksum: 4e3898da9f797f4c571fa9929efdef22

http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-nomule_21.1.10-5_powerpc.deb

MD5 checksum: 910a72e5201fc31cff2887d9c6e654b8

ARM architecture:

http://security.debian.org/dists/stable/updates/main/binary-arm/gnuserv_2.1alpha-5.1_arm.deb

MD5 checksum: d320a2e110eb02eeed570d61917c5ef5

http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-bin_21.1.10-5_arm.deb

MD5 checksum: 7902fb226cdf3a19e39344fc308a6c14

http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule-canna-wnn_21.1.10-5_arm.deb

MD5 checksum: 51875500719629b32973455aa7e5a275

http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule_21.1.10-5_arm.deb

MD5 checksum: 9199cdd445d590a22368409c7781a4f1

http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-nomule_21.1.10-5_arm.deb

MD5 checksum: 88cb5511e1c5e4ee328dc233421c5731

These files will be moved into ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the
appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
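
The advisory attributes the flaw to a cookie buffer with insufficient boundary checks feeding the access-control comparison. The following is an added example, not gnuserv's code and not part of the advisory, of a cookie check that validates length before copying and compares in constant time. The `auth_msg` layout, the function names and the 16-byte cookie size (as used by X11's MIT-MAGIC-COOKIE-1) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COOKIE_LEN 16  /* MIT-MAGIC-COOKIE-1 carries a 128-bit value */

/* Hypothetical request layout for this example only. */
struct auth_msg {
    size_t declared_len;        /* length field supplied by the peer */
    const unsigned char *data;  /* cookie bytes as received */
    size_t data_len;            /* bytes actually read from the socket */
};

/* Compare every byte so timing does not reveal how much of the cookie matched. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only for an exact-length, exact-value cookie; 0 otherwise. */
int check_cookie(const struct auth_msg *m, const unsigned char *expected)
{
    unsigned char buf[COOKIE_LEN];

    if (m == NULL || m->data == NULL)
        return 0;
    /* Validate both lengths before any copy, so peer input can never
     * reach memory beyond buf or influence the comparison state. */
    if (m->declared_len != COOKIE_LEN || m->data_len != COOKIE_LEN)
        return 0;
    memcpy(buf, m->data, COOKIE_LEN);
    return ct_equal(buf, expected, COOKIE_LEN);
}

int main(void)
{
    unsigned char secret[COOKIE_LEN], oversized[64];  /* constructed sample data */
    memset(secret, 0xA5, sizeof secret);
    memset(oversized, 0xA5, sizeof oversized);
    struct auth_msg ok = { COOKIE_LEN, secret, COOKIE_LEN };
    struct auth_msg big = { sizeof oversized, oversized, sizeof oversized };
    printf("exact cookie: %d, oversized cookie: %d\n",
           check_cookie(&ok, secret), check_cookie(&big, secret));
    return 0;
}
```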
