LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Emacs vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Hendrik Tews discovered that emacs21 did not correctly handle certain GIF images. By tricking a user into opening a specially crafted GIF, a remote attacker could cause emacs21 to crash, resulting in a denial of service.
=========================================================== 
Ubuntu Security Notice USN-504-1            August 28, 2007
emacs21 vulnerability
CVE-2007-2833
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  emacs21                         21.4a-3ubuntu2.1
  emacs21-nox                     21.4a-3ubuntu2.1

Ubuntu 6.10:
  emacs21                         21.4a-6ubuntu2.1
  emacs21-nox                     21.4a-6ubuntu2.1

Ubuntu 7.04:
  emacs21                         21.4a+1-2ubuntu1.1
  emacs21-nox                     21.4a+1-2ubuntu1.1

After a standard system upgrade you need to restart emacs to effect the
necessary changes.

Details follow:

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images.  By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1.diff.gz
      Size/MD5:   157273 6442c1cb39f77be814e38f85ea446e88
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1.dsc
      Size/MD5:      814 ebac3d1ce4db9594f15efbc10442b2b0
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a.orig.tar.gz
      Size/MD5: 18113820 0a85e242da6eb61f86fda5ad1c762d5a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-common_21.4a-3ubuntu2.1_all.deb
      Size/MD5: 10985008 456d856f752b74d2e838061c9825759c
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-el_21.4a-3ubuntu2.1_all.deb
      Size/MD5:  7151846 d35f15800814f66c6389c1333a66f4e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-3ubuntu2.1_amd64.deb
      Size/MD5:   154214 e772c3b4149e77ec9f01a65dbc5f7db6
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1_amd64.deb
      Size/MD5:  2191658 1f05a263d098683c8b16bd8857d6e145
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs21/emacs21-nox_21.4a-3ubuntu2.1_amd64.deb
      Size/MD5:  1968288 94f08bff63c26add0b301199d418d3b4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-3ubuntu2.1_i386.deb
      Size/MD5:   133606 314cb24fb1bc3c6a3f8889c1903efafb
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1_i386.deb
      Size/MD5:  1993942 3a72d9d58a30b2691bd2cb0444eb3628
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs21/emacs21-nox_21.4a-3ubuntu2.1_i386.deb
      Size/MD5:  1809020 a94068adb60786e8404fea83713d080b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-3ubuntu2.1_powerpc.deb
      Size/MD5:   147262 a7e46e0e7615d95155b1437f46857a91
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1_powerpc.deb
      Size/MD5:  2110578 029ec6a85307c31372ae64b9a020c4f1
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs21/emacs21-nox_21.4a-3ubuntu2.1_powerpc.deb
      Size/MD5:  1898816 2cabd83c97295b21f4ed679169e11e6b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-3ubuntu2.1_sparc.deb
      Size/MD5:   139632 ab2e75ab6f58c7b51b577fe034efd1d3
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-3ubuntu2.1_sparc.deb
      Size/MD5:  2105040 05180a3b8d223843ec1d41d34961a384
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs21/emacs21-nox_21.4a-3ubuntu2.1_sparc.deb
      Size/MD5:  1907444 8ebfa96e8856ae5b4351f184ceeb6d29

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1.diff.gz
      Size/MD5:   153372 5d9cbbd8cc38c79480c8888976fb7d31
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1.dsc
      Size/MD5:      878 4b84d1d5f69fd814b313ba989f196f0e
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a.orig.tar.gz
      Size/MD5: 18113820 0a85e242da6eb61f86fda5ad1c762d5a

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-common_21.4a-6ubuntu2.1_all.deb
      Size/MD5: 10937600 948967901cc660c66574c2af92f2086a
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-el_21.4a-6ubuntu2.1_all.deb
      Size/MD5:  7153006 d1133af95e400bb810e5ee35b211f5e7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-6ubuntu2.1_amd64.deb
      Size/MD5:   152730 6613905de920116c3a136974c9c83150
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a-6ubuntu2.1_amd64.deb
      Size/MD5:  1960328 28b91331cc86572bb154be0474ef5004
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1_amd64.deb
      Size/MD5:  2188418 642f6a9e264c1d80389c91b65045501b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-6ubuntu2.1_i386.deb
      Size/MD5:   137382 b35fd0a8849b8915bc2a94ac48b34086
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a-6ubuntu2.1_i386.deb
      Size/MD5:  1821666 141bb483f7053aa6f40dbeea896081ac
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1_i386.deb
      Size/MD5:  2016810 fc95b632d8436a133147a415c9c4f07e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-6ubuntu2.1_powerpc.deb
      Size/MD5:   148838 f5d05f9624451e5a2e688e55c05822dd
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a-6ubuntu2.1_powerpc.deb
      Size/MD5:  1900238 8ebda50e3f0be370eaf3619d7049d502
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1_powerpc.deb
      Size/MD5:  2112312 1a5d14c75f95d000fe6ac45a5a26391d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a-6ubuntu2.1_sparc.deb
      Size/MD5:   140278 bc6ed9589547f46bfb2075beac625540
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a-6ubuntu2.1_sparc.deb
      Size/MD5:  1907120 34f9f1f91923eefb2c7d4dfeb852509b
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a-6ubuntu2.1_sparc.deb
      Size/MD5:  2105618 caace7ae0c77dea3f1df38742baeb257

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1.diff.gz
      Size/MD5:   187527 a9f53d54f4a019ebe05a30cddb190d1f
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1.dsc
      Size/MD5:     1007 909ee7636bfdb2d5fa30a4adeb9ce347
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1.orig.tar.gz
      Size/MD5: 15188829 2614ad1ce5c547e682e76049717a704d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs-el_21.4a+1-2ubuntu1.1_all.deb
      Size/MD5:    24828 993e97b19e708e545d6ce969557b782e
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs-nox_21.4a+1-2ubuntu1.1_all.deb
      Size/MD5:    24850 a36f289c0b5ce1157c925b56736438d4
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-common_21.4a+1-2ubuntu1.1_all.deb
      Size/MD5:  9372892 34341df5a3a23fb7ca3c9eb06e5e0da0
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-el_21.4a+1-2ubuntu1.1_all.deb
      Size/MD5:  7162688 a08bc6dcaabb08f22be46819d16dc520
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs_21.4a+1-2ubuntu1.1_all.deb
      Size/MD5:    24896 3185faec910804a18403af7fbe56fc57

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a+1-2ubuntu1.1_amd64.deb
      Size/MD5:   162750 b3c3e6a0d9550501730a15ba5f0175b7
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a+1-2ubuntu1.1_amd64.deb
      Size/MD5:  1973602 d22e1fe1a9fc883fba99c87d081a1ae2
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1_amd64.deb
      Size/MD5:  2198780 b7b19a9120e4db3e40c7ac35fbe1521a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a+1-2ubuntu1.1_i386.deb
      Size/MD5:   146868 fc27aaa16128c27149bcb8fa587403a8
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a+1-2ubuntu1.1_i386.deb
      Size/MD5:  1828408 534b212a1df61ae41bcbf41c68875637
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1_i386.deb
      Size/MD5:  2024296 c65b993759efa91bfd11f3af76fb9101

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a+1-2ubuntu1.1_powerpc.deb
      Size/MD5:   162578 72e515c8b7d2f5e5988590a84a9233f9
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a+1-2ubuntu1.1_powerpc.deb
      Size/MD5:  1907550 ab6df2decccebecdacbd23d41388256d
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1_powerpc.deb
      Size/MD5:  2121602 3e3acfc026705a2aeb926352a5007e32

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-bin-common_21.4a+1-2ubuntu1.1_sparc.deb
      Size/MD5:   151746 d00625451fd09256c40ad573a2d59dd8
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21-nox_21.4a+1-2ubuntu1.1_sparc.deb
      Size/MD5:  1916684 d216662c9176def5de71a7d0dd6a9a40
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs21/emacs21_21.4a+1-2ubuntu1.1_sparc.deb
      Size/MD5:  2119534 7b5e4c74aa00a0154600fc2f2303a7e7


--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1Jj+H/9LqRcGPm0RAsydAKCLhoGhQBU2RiMXr+E1I6GuS8+qNQCfZGcf
9wYJes2KFNbTyGyzGHfuOWU=sBtx
-----END PGP SIGNATURE-----

--k+w/mQv8wyuph6w0--


--==============237665568693559998=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============237665568693559998==--
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.