LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 7th, 2014
Linux Advisory Watch: April 4th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Emacs vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-541-1          November 13, 2007
emacs22 vulnerability
CVE-2007-5795
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  emacs22                         22.1-0ubuntu5.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Drake Wilson discovered that Emacs did not correctly handle the safe
mode of "enable-local-variables". If a user were tricked into opening
a specially crafted file while "enable-local-variables" was set to the
non-default ":safe", a remote attacker could execute arbitrary commands
with the user's privileges.


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.diff.gz
      Size/MD5:    31839 daac7632708045145dff688900b7627e
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.dsc
      Size/MD5:     1094 9ee2aec99e8c5e084e8fba2830548e5a
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1.orig.tar.gz
      Size/MD5: 38172226 6949df37caec2d7a2e0eee3f1b422726

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-common_22.1-0ubuntu5.1_all.deb
      Size/MD5: 18577010 5e070efae1ad5f584b4c9c058b7f8d71
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-el_22.1-0ubuntu5.1_all.deb
      Size/MD5: 11170894 9c2d1be2028e707396f51e1eec6ef5a6
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs_22.1-0ubuntu5.1_all.deb
      Size/MD5:     4476 6bff7051ee8d52bb742fea7103f1c7d9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_amd64.deb
      Size/MD5:   179578 ba931e56ad03653a16b4adc1438e16f1
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_amd64.deb
      Size/MD5:  1933100 bc50b9ed6bb4b8dcd3f9d40edb3b2eb8
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_amd64.deb
      Size/MD5:  2215464 c2c7e4f3ed03834ed5ede1560bbc2049
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_amd64.deb
      Size/MD5:  2208806 20dc6aab6d12d9c28280855a558f8f19

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_i386.deb
      Size/MD5:   160860 c5b3eb523d873c1a58c4ecb9ace72ce7
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_i386.deb
      Size/MD5:  1704948 ba3f0d7c81e80c47bd1c3bd2e823742a
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_i386.deb
      Size/MD5:  1953414 b00fe8d866f6c20f0b204dcbfd68ca4c
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_i386.deb
      Size/MD5:  1946230 48b0afc1dadaa29637411c77939f40fc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_powerpc.deb
      Size/MD5:   178814 81f619f2744e31d2ada82515284f4d03
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_powerpc.deb
      Size/MD5:  1844778 491dc3cba5b629a84bb91dc8e6c2352d
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_powerpc.deb
      Size/MD5:  2117490 9dd0eb9b7476ac3822b477982af4f1c0
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_powerpc.deb
      Size/MD5:  2108164 5e605eae9a9909e07f9129850e5fae99

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_sparc.deb
      Size/MD5:   166048 6e9af301ebe03290c461ee1727038606
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_sparc.deb
      Size/MD5:  1803268 20d302817fe0176d00d809847ebfa5e0
    http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_sparc.deb
      Size/MD5:  2053664 f36a010a7926f2f52539f70aed9002e7
    http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_sparc.deb
      Size/MD5:  2048642 123992bee7c6d627f1b556dc3d5668f5


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Heartbleed: Security experts reality-check the 3 most hysterical fears
Open source trounces proprietary software for code defects, Coverity analysis finds
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.