|
|
|
Choosing A Webhost: |
[USN-541-1] Emacs vulnerability: msg#00003linux.ubuntu.security.announce
=========================================================== Ubuntu Security Notice USN-541-1 November 13, 2007 emacs22 vulnerability CVE-2007-5795 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: emacs22 22.1-0ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges. Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.diff.gz Size/MD5: 31839 daac7632708045145dff688900b7627e http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.dsc Size/MD5: 1094 9ee2aec99e8c5e084e8fba2830548e5a http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1.orig.tar.gz Size/MD5: 38172226 6949df37caec2d7a2e0eee3f1b422726 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-common_22.1-0ubuntu5.1_all.deb Size/MD5: 18577010 5e070efae1ad5f584b4c9c058b7f8d71 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-el_22.1-0ubuntu5.1_all.deb Size/MD5: 11170894 9c2d1be2028e707396f51e1eec6ef5a6 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs_22.1-0ubuntu5.1_all.deb Size/MD5: 4476 6bff7051ee8d52bb742fea7103f1c7d9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_amd64.deb Size/MD5: 179578 ba931e56ad03653a16b4adc1438e16f1 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_amd64.deb Size/MD5: 1933100 bc50b9ed6bb4b8dcd3f9d40edb3b2eb8 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_amd64.deb Size/MD5: 2215464 c2c7e4f3ed03834ed5ede1560bbc2049 http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_amd64.deb Size/MD5: 2208806 20dc6aab6d12d9c28280855a558f8f19 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_i386.deb Size/MD5: 160860 c5b3eb523d873c1a58c4ecb9ace72ce7 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_i386.deb Size/MD5: 1704948 ba3f0d7c81e80c47bd1c3bd2e823742a http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_i386.deb Size/MD5: 1953414 b00fe8d866f6c20f0b204dcbfd68ca4c http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_i386.deb Size/MD5: 1946230 48b0afc1dadaa29637411c77939f40fc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_powerpc.deb Size/MD5: 178814 81f619f2744e31d2ada82515284f4d03 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_powerpc.deb Size/MD5: 1844778 491dc3cba5b629a84bb91dc8e6c2352d http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_powerpc.deb Size/MD5: 2117490 9dd0eb9b7476ac3822b477982af4f1c0 http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_powerpc.deb Size/MD5: 2108164 5e605eae9a9909e07f9129850e5fae99 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_sparc.deb Size/MD5: 166048 6e9af301ebe03290c461ee1727038606 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_sparc.deb Size/MD5: 1803268 20d302817fe0176d00d809847ebfa5e0 http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_sparc.deb Size/MD5: 2053664 f36a010a7926f2f52539f70aed9002e7 http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_sparc.deb Size/MD5: 2048642 123992bee7c6d627f1b556dc3d5668f5
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [USN-540-1] flac vulnerability, Kees Cook |
|---|---|
| Next by Date: | [USN-542-1] poppler vulnerabilities, Kees Cook |
| Previous by Thread: | [USN-540-1] flac vulnerability, Kees Cook |
| Next by Thread: | [USN-542-1] poppler vulnerabilities, Kees Cook |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
Free MagazinesCisco NewsReceive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business. subscribe Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field. subscribe The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business. subscribe Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company. subscribe Total Telecom Total Telecom is "The Economist of the communications industry". subscribe |
