MDKSA-2000:072

Package name

joe

Date

2000-11-20

Advisory ID

MDKSA-2000:072

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

When exiting joe in a non-standard way (such as a system crash, closing an xterm, or a network connection going down), joe will unconditionally append its open buffers to the file DEADJOE. This can be exploited by the creation of DEADJOE symlinks in directories where root would normally use joe. In this way, joe could be used to append garbage to potentially sensitive files, resulting in a denial of service or other problems. Users of Linux-Mandrake 7.0 and earlier should also note that joe's configuration files have moved from /usr/lib/joe to /etc/joe.

Updated packages

6.1 i586

 8078bad4421a6e7090b23f6cf1f457df  6.1/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  6.1/SRPMS/joe-2.8-21.3mdk.src.rpm

6.0 i586

 13d170b6ea743268d043d27ec13125b2  6.0/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  6.0/SRPMS/joe-2.8-21.3mdk.src.rpm

7.0 i586

 51c84ed7c0d859ae7c08414b92f54acc  7.0/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  7.0/SRPMS/joe-2.8-21.3mdk.src.rpm

7.1 i586

 970975000a64dc08d8498f8d3e5d25f8  7.1/RPMS/joe-2.8-21.2mdk.i586.rpm
09652438758712eff7e04380c5d73013  7.1/SRPMS/joe-2.8-21.2mdk.src.rpm

7.2 i586

 409c7433858b819619f481597fbb18ea  7.2/RPMS/joe-2.8-21.1mdk.i586.rpm
736f08c1c8633667075e0d7f395b9697  7.2/SRPMS/joe-2.8-21.1mdk.src.rpm