Package name
Advisory ID
Affected versions
CS1.0 i586 , 6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

The joe text editor looks for configuration files in the current working directory, the user's home directory, and finally in /etc/joe. A malicious user could create their own .joerc configuration file and attempt to get other users to use it. If this were to happen, the user could potentially execute malicious commands with their own user ID and privileges. This update removes joe's ability to use a .joerc configuration file in the current working directory.

Updated packages

CS1.0 i586

 633c0600124591eb3a0d9f1299709b18  1.0.1/RPMS/joe-2.8-21.5mdk.i586.rpm
10fa82ea14185c6df59c2eb282b628ff  1.0.1/SRPMS/joe-2.8-21.5mdk.src.rpm

6.1 i586

 8d580b730449cd83cd3140ed5e85b711  6.1/RPMS/joe-2.8-21.6mdk.i586.rpm
43b6715da08c931174df9bdca65c5bd2  6.1/SRPMS/joe-2.8-21.6mdk.src.rpm

6.0 i586

 56d2f6a0631af8bd0e1277ff9ac61c79  6.0/RPMS/joe-2.8-21.6mdk.i586.rpm
43b6715da08c931174df9bdca65c5bd2  6.0/SRPMS/joe-2.8-21.6mdk.src.rpm

7.0 i586

 96713b9dbd1d08045de30a5d3325e0e1  7.0/RPMS/joe-2.8-21.6mdk.i586.rpm
43b6715da08c931174df9bdca65c5bd2  7.0/SRPMS/joe-2.8-21.6mdk.src.rpm

7.1 i586

 633c0600124591eb3a0d9f1299709b18  7.1/RPMS/joe-2.8-21.5mdk.i586.rpm
10fa82ea14185c6df59c2eb282b628ff  7.1/SRPMS/joe-2.8-21.5mdk.src.rpm

7.2 i586

 35c4075c50bf84dde42573f20f549772  7.2/RPMS/joe-2.8-21.4mdk.i586.rpm
c6ff0ce8ad7365cfd2795c178b5e5f01  7.2/SRPMS/joe-2.8-21.4mdk.src.rpm