New im packages are available that fix the insecure handling of temporary files. [Updated 7 July 2003] Added packages for Red Hat Linux on IBM iSeries and pSeries systems.
Internet Message (IM) is a series of user interface commands and backend Perl5 libraries that integrate email and the NetNews user interface. They are designed to be used from both the Mew mail reader for Emacs and the command line. A vulnerability has been discovered by Tatsuya Kinoshita in the way two IM utilities create temporary files. By anticipating the names used to create files and directories stored in /tmp, it may be possible for a local attacker to corrupt or modify data as another user. Red Hat Linux 7, 7.1, and 7.2 included IM packages that are vulnerable to this issue. This erratum includes IM version 143 which is not vulnerable to this issue. Red Hat Linux 7.3, and 8.0 included Mew (Messaging in the Emacs World) packages which included vulnerable versions of IM. This erratum provide updated Mew packages including IM version 143 which is not vulnerable to this issue.