-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-9236 2008-10-30 11:42:30 --------------------------------------------------------------------------------
Name : ed Product : Fedora 8 Version : 1.1 Release : 1.fc8 URL : http://www.gnu.org/software/ed/ Summary : The GNU line editor Description : Ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). For most purposes, ed has been replaced in normal usage by full-screen editors (emacs and vi, for example). Ed was the original UNIX editor, and may be used by some programs. In general, however, you probably don't need to install it and you probably won't use it. -------------------------------------------------------------------------------- Update Information: ed is a line-oriented text editor, used to create, display, and modify text files (both interactively and via shell scripts). A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor. (CVE-2008-3916) Users of ed should upgrade to this updated package, which contains a backported patch to resolve this issue. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 29 2008 Karsten Hopp <[EMAIL PROTECTED]> 1.1-1 - update to lastest version, fixes CVE-2008-3916 * Tue Jun 24 2008 Karsten Hopp <[EMAIL PROTECTED]> 0.9-1 - version 0.9 * Sun Mar 23 2008 Tom "spot" Callaway <[EMAIL PROTECTED]> - 0.8-3 - fix license tag * Tue Feb 19 2008 Fedora Release Engineering <[EMAIL PROTECTED]> - 0.8-2 - Autorebuild for GCC 4.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #466094 - CVE-2008-3916 ed: Heap-based buffer overflow (arb. code execution) [F8] https://bugzilla.redhat.com/show_bug.cgi?id=466094 [ 2 ] Bug #466095 - CVE-2008-3916 ed: Heap-based buffer overflow (arb. code execution) [F9] https://bugzilla.redhat.com/show_bug.cgi?id=466095 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ed' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce