LinuxSecurity.com
Mandriva: Updated emacs packages fix vulnerabilities
Posted by Benjamin D. Thomas
The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:034
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : emacs
 Date    : February 4, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The hack-local-variable function in Emacs 22 prior to version 22.2,
 when enable-local-variables is set to ':safe', did not properly search
 lists of unsafe or risky variables, which could allow user-assisted
 attackers to bypass intended restrictions and modify critical
 program variables via a file containing a Local variables declaration
 (CVE-2007-5795; only affects Mandriva Linux 2008.0).
 
 A stack-based buffer overflow in emacs could allow user-assisted
 attackers to cause an application crash or possibly have other
 unspecified impacts via a large precision value in an integer format
 string specifier to the format function (CVE-2007-6109).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________
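The first issue turns on the "unsafe or risky" variable lists that a Local Variables block is checked against before Emacs applies it. The scanner below is an added example written for this page, not code from Mandriva or from Emacs: it extracts a file's Local Variables list and classifies each entry the way an administrator auditing untrusted files would want, flagging `eval` as unsafe and names matching an approximation of Emacs's risky-name heuristic (a regular expression assumed here for illustration; real Emacs also consults per-variable symbol properties the scanner cannot see). The sample files are constructed for the example.

```python
import re

# Name heuristic approximating Emacs's risky-local-variable-p (files.el):
# variables whose names end in these suffixes hold code, hooks, key maps or
# program paths.  This regex is an illustrative assumption, not Emacs's exact
# list; Emacs additionally honours the `risky-local-variable' and
# `safe-local-variable' symbol properties, which a text scanner cannot see.
RISKY_NAME_RE = re.compile(
    r"(-command|-frame-alist|-functions?|-hooks?|-forms?|-map|-map-alist"
    r"|-mode-alist|-program|-predicate|-syntax-table|-paths?"
    r"|font-lock-keywords(-[0-9]+)?|font-lock-syntactic-keywords)$"
)

# "Local Variables:" may be wrapped in a comment prefix and suffix, e.g.
# ";; Local Variables:" or "# Local Variables: #".  The same prefix and
# suffix must then appear on every line of the list through "End:".
START_RE = re.compile(r"^(?P<prefix>.*?)Local Variables:(?P<suffix>.*)$")


def find_local_variables(text):
    """Return the (name, value) pairs of the file's Local Variables list.

    Returns [] when the file has no list, or when the list is malformed
    (a line lacking the prefix/suffix, or no "End:"), since Emacs does not
    apply such a list and there is nothing to report.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = START_RE.match(line)
        if not m:
            continue
        prefix, suffix = m.group("prefix"), m.group("suffix")
        pairs = []
        for body in lines[i + 1:]:
            if not (body.startswith(prefix) and body.endswith(suffix)):
                return []  # malformed list: not applied by Emacs
            inner = body[len(prefix):len(body) - len(suffix)].strip()
            if inner == "End:":
                return pairs
            name, sep, value = inner.partition(":")
            if sep:
                pairs.append((name.strip(), value.strip()))
        return []  # list never closed with "End:"
    return []


def classify(name):
    """'unsafe' for eval (arbitrary code), 'risky' for names matching the
    heuristic, 'ordinary' otherwise (still subject to Emacs's safe-value
    checks, which this scanner does not model)."""
    if name == "eval":
        return "unsafe"
    if RISKY_NAME_RE.search(name):
        return "risky"
    return "ordinary"


def audit(text):
    """Classify every entry of the file's Local Variables list."""
    return [(name, classify(name)) for name, _ in find_local_variables(text)]


# Constructed sample: an Elisp file whose trailing list mixes harmless
# settings with an eval form and a shell command variable.
SAMPLE = """\
;; constructed sample file for the example
(defun hello () (message "hi"))

;; Local Variables:
;; mode: emacs-lisp
;; fill-column: 72
;; eval: (message "evaluated on visit")
;; compile-command: "make all"
;; End:
"""

# Constructed sample whose third list line is missing the "# " prefix.
MALFORMED = """\
text
# Local Variables: #
# eval: (ignored) #
eval: (missing prefix)
# End: #
"""

if __name__ == "__main__":
    for name, kind in audit(SAMPLE):
        print(f"{kind:8s} {name}")
    print("malformed list entries:", audit(MALFORMED))
```

Run against a directory of files received from outside, the `unsafe` and `risky` hits are the entries the `:safe` setting is meant to refuse; on an affected Emacs 22 build the advisory's point is that this refusal did not happen, which is why the update, or setting `enable-local-variables` to `nil`, is the fix rather than any value of `:safe`.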

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 f21e7e74502d46bc080f4a48080c574a  2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm
 a73d62aee609e6be32937b681780a0b6  2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm
 589a15364fb4cfbf12e8e47b7104a7fa  2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm
 2253dd2b8b5aa563add08e7350a65f44  2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm
 919175eea98794b2a4ea7b3626119a8a  2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm
 a8c1c605bd854db7637b8318f7b5c7f5  2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a6ff38fc50ebb49e211bc5cf10231e01  2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm
 d8bc4c5f8663c2c4e3fef168db4f16b9  2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm
 c5c6dd9d95905c838ca6d731f208f67e  2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm
 a5ae4708158e52a3de4bdeb3e3c203fc  2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm
 0ef28ab5726ae394499645062c633602  2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm
 e90514c50fd5cef37dc59a27b705d13c  2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 bacb82a95ab9babc66aa7a46e6b4dc82  2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm
 954785ebcf994cea467008606ceb7865  2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm
 77e9d3072e695b29d07ebac0f40fd262  2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm
 880b385fea1eb26b5bac57427c86ba08  2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm
 4f2e9e2a7a5099f4de32c53822cf736a  2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm
 bb2fce94cb107de86bff7b0727be023c  2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8285245a590680e2cee5520e4a627703  2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm
 bc97da27f378af323630a2f318c24155  2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm
 306c2ea8ecc96094195ed970e6648245  2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm
 4dddafd86ec989b8329062c44a909a9c  2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm
 024fed6e709952488ef2d6ed0397de9d  2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm
 c096d01ea9be0779f46d8a1474d5318f  2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e6dd6abf0cb27d303b22e80d1091bd1e  2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm
 4dfa152d8998fc5c8fe78e3cbaf125f6  2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm
 ff9cc6e64a7142198b49f551944f7357  2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm
 25af5a88aacdbaa419a67d4adf125589  2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm
 dd847a0b9e3eb8cd59d69dc365320ff1  2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm
 3592f389b333475fa94cb4dc84cde8be  2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm
 0fb982382245c7858def3f788820cdac  2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 551b608acfd97bd227f3d3c8b5b6f155  2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm
 88e56aabb7dd52cdc9fd813ecc376c12  2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm
 6f1a0ffb0600cf3e076257f0972793a9  2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm
 f6a8a3d45feb6d04e66fc5ffd4eb2067  2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm
 0377fec7fb8f09dfd84db6fa6de6ff0a  2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm
 f914847423ed5c5fa217f77c19d0b312  2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm
 f834fbcb86b540946dbbb7fd68ef97d8  2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

 Corporate 3.0:
 846bc555f6e24843329bc971a0d86e7d  corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm
 e5f5a7c2885801f69284d2cf83cc7657  corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm
 fbd6b3dcdbe55b8f6a238c6c28c819ac  corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm
 920d56462f970bd5228a3a9729ec149c  corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm
 9a762f39fda7e8af966f2d8580ff561d  corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm 
 adc16c5f9ad32295db6ea036101069e2  corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 91a59e872e88638df84b32cd7cdb7fe4  corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm
 a4ccc81d17b1397d5fdec6eb6e2ddad9  corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm
 4f08fc2400cc2ef9ed3d2970f3324ffe  corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm
 d77294d54d8908cf3016cd7f1cafe1ea  corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm
 7eba0bf35e01c4a6e1018a8cb5225115  corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm 
 adc16c5f9ad32295db6ea036101069e2  corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

 Corporate 4.0:
 ce19613054ce62dd96433b01b91258b1  corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm
 b67b18e5f5fccbb9c4012f49f31325f0  corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm
 146214a37b174b2b59d7e883bb29802f  corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm
 0bf2f09a9a5a0b02c0f9600e34ba9f84  corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm
 92cd0e9c3bfa881f0303810d6e9e8cbf  corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm
 7a75213230a1f3a905ee91d588b6cd08  corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm 
 af9fa010f39b56f24803926854f0595e  corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 173a3addd59c8706d407be4926712920  corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm
 a445eb2f6c731ac7b11da483d533911a  corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm
 46385585ed5da20703584623f862c8eb  corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm
 32a6678ddee851f69d541cfafa3e101e  corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm
 980dce6cf406dac7c3ee1d89073c6d91  corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm
 5814b72ab37b9bdd8ea2b58de765ebad  corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm 
 af9fa010f39b56f24803926854f0595e  corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.
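urpmi and MandrivaUpdate do this check for you; the script below is an added example, not Mandriva tooling, for the case where packages were fetched to a local mirror by other means and an administrator wants to check them against the advisory's list before installing. It parses the "Updated Packages" layout above (a release header ending in a colon, then lines of MD5 and relative path) and reports each file as ok, mismatched or missing. The demo mirror and its package contents are constructed for the example; the MD5 only confirms you have the files the advisory lists, and the Mandriva GPG signature remains the actual integrity guarantee.

```python
import hashlib
import os
import re
import tempfile

# One checksum line of the advisory: 32 hex digits, whitespace, relative path
# (some lines in the original carry trailing whitespace, hence the \s*$).
LINE_RE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+)\s*$")
# A release header such as "Mandriva Linux 2008.0:" or "Corporate 4.0/X86_64:".
HEADER_RE = re.compile(r"^\s*(.+):\s*$")


def parse_package_list(text):
    """Map each release header to its list of (md5, relative_path) entries.

    Headers without any checksum lines (e.g. "References:") are dropped.
    """
    sections = {}
    current = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            if current is not None:
                sections.setdefault(current, []).append((m.group(1), m.group(2)))
            continue
        h = HEADER_RE.match(line)
        if h:
            current = h.group(1).strip()
    return {k: v for k, v in sections.items() if v}


def md5_of_file(path):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_section(entries, mirror_dir):
    """Check each (md5, relpath) against files under mirror_dir.

    Returns {relpath: 'ok' | 'mismatch' | 'missing'}; a caller should treat
    anything other than 'ok' as a reason not to install that package.
    """
    results = {}
    for expected, rel in entries:
        full = os.path.join(mirror_dir, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of_file(full) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Build a constructed mirror in a temp dir and verify a constructed list.

    The files are placeholders, not real Mandriva RPMs, and the checksum
    list is made up: one correct digest, one deliberately wrong, one for a
    file that is not present.
    """
    with tempfile.TemporaryDirectory() as d:
        pkgdir = os.path.join(d, "2008.0", "i586")
        os.makedirs(pkgdir)
        good_bytes = b"constructed good package"
        with open(os.path.join(pkgdir, "emacs-good.rpm"), "wb") as f:
            f.write(good_bytes)
        with open(os.path.join(pkgdir, "emacs-bad.rpm"), "wb") as f:
            f.write(b"constructed tampered package")
        advisory = (
            " Mandriva Linux 2008.0:\n"
            f" {hashlib.md5(good_bytes).hexdigest()}  2008.0/i586/emacs-good.rpm\n"
            " 00000000000000000000000000000000  2008.0/i586/emacs-bad.rpm \n"
            " 11111111111111111111111111111111  2008.0/i586/emacs-missing.rpm\n"
        )
        entries = parse_package_list(advisory)["Mandriva Linux 2008.0"]
        return verify_section(entries, d)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:8s} {rel}")
```

To use it on a real mirror, paste the relevant "Updated Packages" block into a file, feed its text to `parse_package_list`, pick the section for your release and architecture, and pass the mirror root to `verify_section`.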

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.