Home > Security > Advisories


Mandriva Advisories

Package name joe
Date November 20th, 2000
Advisory ID MDKSA-2000:072
Affected versions 6.0, 6.1, 7.0, 7.1, 7.2
Synopsis Updated joe packages fix unsafe creation of DEADJOE files

Problem Description

When exiting joe in a non-standard way (such as a system crash, closing
an xterm, or a network connection going down), joe will unconditionally
append its open buffers to the file DEADJOE. This can be exploited by
the creation of DEADJOE symlinks in directories where root would
normally use joe. In this way, joe could be used to append garbage to
potentially sensitive files, resulting in a denial of service or other

Users of Linux-Mandrake 7.0 and earlier should also note that joe's
configuration files have moved from /usr/lib/joe to /etc/joe.

Updated Packages

Mandrakelinux 6.0

 13d170b6ea743268d043d27ec13125b2  6.0/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  6.0/SRPMS/joe-2.8-21.3mdk.src.rpm

Mandrakelinux 6.1

 8078bad4421a6e7090b23f6cf1f457df  6.1/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  6.1/SRPMS/joe-2.8-21.3mdk.src.rpm

Mandrakelinux 7.0

 51c84ed7c0d859ae7c08414b92f54acc  7.0/RPMS/joe-2.8-21.3mdk.i586.rpm
65c55ab73e66ea67ded58fb77a5fc7ea  7.0/SRPMS/joe-2.8-21.3mdk.src.rpm

Mandrakelinux 7.1

 970975000a64dc08d8498f8d3e5d25f8  7.1/RPMS/joe-2.8-21.2mdk.i586.rpm
09652438758712eff7e04380c5d73013  7.1/SRPMS/joe-2.8-21.2mdk.src.rpm

Mandrakelinux 7.2

 409c7433858b819619f481597fbb18ea  7.2/RPMS/joe-2.8-21.1mdk.i586.rpm
736f08c1c8633667075e0d7f395b9697  7.2/SRPMS/joe-2.8-21.1mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.