The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-541-1] Emacs vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Tue, 13 Nov 2007 14:16:04 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-541-1] Emacs vulnerability
Message-ID: <20071113221604.GB2092@outflux.net.>
MIME-Version: 1.0
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.301 $
X-HELO: gorgon.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Mailman-Approved-At: Tue, 13 Nov 2007 22:17:59 +0000
Cc: [email protected], [email protected]
X-BeenThere: [email protected]
X-Mailman-Version: 2.1.8
Reply-To: [email protected]
Content-Type: multipart/mixed; boundary="===============7116990273420265227=="
Mime-version: 1.0
Sender: [email protected]
Errors-To: [email protected]
X-Barracuda-Connect: chlorine.canonical.com[91.189.94.204]
X-Barracuda-Start-Time: 1194992600
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at Princeton.EDU
X-Proofpoint-Virus-Version: vendor=nai engine=5.2.00 definitions=5162 signatures=344413
X-Proofpoint-Spam-Details: rule=quarantine_notspam policy=quarantine score=1 spamscore=1 ipscore=0 phishscore=0 bulkscore=79 adultscore=0 classifier=spam adjust=0 reason=mlx engine=3.1.0-0708230000 definitions=main-0711130165
X-Spam-KB: http://www.Princeton.EDU/spam
X-OriginalArrivalTime: 13 Nov 2007 22:23:22.0783 (UTC) FILETIME=[CD39A2F0:01C82643]
X-Virus-Scanned: antivirus-gw at tyumen.ru


--===============7116990273420265227==
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="sHrvAb52M6C8blB9"
Content-Disposition: inline


--sHrvAb52M6C8blB9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-541-1          November 13, 2007
emacs22 vulnerability
CVE-2007-5795
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  emacs22                         22.1-0ubuntu5.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Drake Wilson discovered that Emacs did not correctly handle the safe
mode of "enable-local-variables". If a user were tricked into opening
a specially crafted file while "enable-local-variables" was set to the
non-default ":safe", a remote attacker could execute arbitrary commands
with the user's privileges.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1.diff.gz
      Size/MD5:    31839 daac7632708045145dff688900b7627e
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1.dsc
      Size/MD5:     1094 9ee2aec99e8c5e084e8fba2830548e5a
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1.orig=
=2Etar.gz
      Size/MD5: 38172226 6949df37caec2d7a2e0eee3f1b422726

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-common_22=
=2E1-0ubuntu5.1_all.deb
      Size/MD5: 18577010 5e070efae1ad5f584b4c9c058b7f8d71
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-el_22.1-0=
ubuntu5.1_all.deb
      Size/MD5: 11170894 9c2d1be2028e707396f51e1eec6ef5a6
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs_22.1-0ubunt=
u5.1_all.deb
      Size/MD5:     4476 6bff7051ee8d52bb742fea7103f1c7d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-commo=
n_22.1-0ubuntu5.1_amd64.deb
      Size/MD5:   179578 ba931e56ad03653a16b4adc1438e16f1
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-=
0ubuntu5.1_amd64.deb
      Size/MD5:  1933100 bc50b9ed6bb4b8dcd3f9d40edb3b2eb8
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1_amd64.deb
      Size/MD5:  2215464 c2c7e4f3ed03834ed5ede1560bbc2049
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_2=
2.1-0ubuntu5.1_amd64.deb
      Size/MD5:  2208806 20dc6aab6d12d9c28280855a558f8f19

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-commo=
n_22.1-0ubuntu5.1_i386.deb
      Size/MD5:   160860 c5b3eb523d873c1a58c4ecb9ace72ce7
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-=
0ubuntu5.1_i386.deb
      Size/MD5:  1704948 ba3f0d7c81e80c47bd1c3bd2e823742a
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1_i386.deb
      Size/MD5:  1953414 b00fe8d866f6c20f0b204dcbfd68ca4c
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_2=
2.1-0ubuntu5.1_i386.deb
      Size/MD5:  1946230 48b0afc1dadaa29637411c77939f40fc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-commo=
n_22.1-0ubuntu5.1_powerpc.deb
      Size/MD5:   178814 81f619f2744e31d2ada82515284f4d03
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-=
0ubuntu5.1_powerpc.deb
      Size/MD5:  1844778 491dc3cba5b629a84bb91dc8e6c2352d
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1_powerpc.deb
      Size/MD5:  2117490 9dd0eb9b7476ac3822b477982af4f1c0
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_2=
2.1-0ubuntu5.1_powerpc.deb
      Size/MD5:  2108164 5e605eae9a9909e07f9129850e5fae99

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-commo=
n_22.1-0ubuntu5.1_sparc.deb
      Size/MD5:   166048 6e9af301ebe03290c461ee1727038606
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-=
0ubuntu5.1_sparc.deb
      Size/MD5:  1803268 20d302817fe0176d00d809847ebfa5e0
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubu=
ntu5.1_sparc.deb
      Size/MD5:  2053664 f36a010a7926f2f52539f70aed9002e7
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_2=
2.1-0ubuntu5.1_sparc.deb
      Size/MD5:  2048642 123992bee7c6d627f1b556dc3d5668f5


--sHrvAb52M6C8blB9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHOiIkH/9LqRcGPm0RAqhkAJ41HmggqNIOhRoAaXS5Wm40kYGGRACgi7Jh
fBtq+iF/gLA9nkI2u20zbaM=
=i5vE
-----END PGP SIGNATURE-----

--sHrvAb52M6C8blB9--


--===============7116990273420265227==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7116990273420265227==--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру