RHEL 2.1 / 3 : xemacs (RHSA-2005:134)
High Nessus Plugin ID 16369
Synopsis
The remote Red Hat host is missing one or more security updates.
Description
Updated XEmacs packages that fix a string format issue are now available.
XEmacs is a powerful, customizable, self-documenting, modeless text editor.
Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue.
Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
Solution
Update the affected xemacs, xemacs-el and / or xemacs-info packages.