[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071113221604.GB2092@outflux.net>
Date: Tue, 13 Nov 2007 14:16:04 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-541-1] Emacs vulnerability
===========================================================
Ubuntu Security Notice USN-541-1 November 13, 2007
emacs22 vulnerability
CVE-2007-5795
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
emacs22 22.1-0ubuntu5.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Drake Wilson discovered that Emacs did not correctly handle the safe
mode of "enable-local-variables". If a user were tricked into opening
a specially crafted file while "enable-local-variables" was set to the
non-default ":safe", a remote attacker could execute arbitrary commands
with the user's privileges.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.diff.gz
Size/MD5: 31839 daac7632708045145dff688900b7627e
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1.dsc
Size/MD5: 1094 9ee2aec99e8c5e084e8fba2830548e5a
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1.orig.tar.gz
Size/MD5: 38172226 6949df37caec2d7a2e0eee3f1b422726
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-common_22.1-0ubuntu5.1_all.deb
Size/MD5: 18577010 5e070efae1ad5f584b4c9c058b7f8d71
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-el_22.1-0ubuntu5.1_all.deb
Size/MD5: 11170894 9c2d1be2028e707396f51e1eec6ef5a6
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs_22.1-0ubuntu5.1_all.deb
Size/MD5: 4476 6bff7051ee8d52bb742fea7103f1c7d9
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_amd64.deb
Size/MD5: 179578 ba931e56ad03653a16b4adc1438e16f1
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_amd64.deb
Size/MD5: 1933100 bc50b9ed6bb4b8dcd3f9d40edb3b2eb8
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_amd64.deb
Size/MD5: 2215464 c2c7e4f3ed03834ed5ede1560bbc2049
http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_amd64.deb
Size/MD5: 2208806 20dc6aab6d12d9c28280855a558f8f19
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_i386.deb
Size/MD5: 160860 c5b3eb523d873c1a58c4ecb9ace72ce7
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_i386.deb
Size/MD5: 1704948 ba3f0d7c81e80c47bd1c3bd2e823742a
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_i386.deb
Size/MD5: 1953414 b00fe8d866f6c20f0b204dcbfd68ca4c
http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_i386.deb
Size/MD5: 1946230 48b0afc1dadaa29637411c77939f40fc
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_powerpc.deb
Size/MD5: 178814 81f619f2744e31d2ada82515284f4d03
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_powerpc.deb
Size/MD5: 1844778 491dc3cba5b629a84bb91dc8e6c2352d
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_powerpc.deb
Size/MD5: 2117490 9dd0eb9b7476ac3822b477982af4f1c0
http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_powerpc.deb
Size/MD5: 2108164 5e605eae9a9909e07f9129850e5fae99
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-bin-common_22.1-0ubuntu5.1_sparc.deb
Size/MD5: 166048 6e9af301ebe03290c461ee1727038606
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22-nox_22.1-0ubuntu5.1_sparc.deb
Size/MD5: 1803268 20d302817fe0176d00d809847ebfa5e0
http://security.ubuntu.com/ubuntu/pool/main/e/emacs22/emacs22_22.1-0ubuntu5.1_sparc.deb
Size/MD5: 2053664 f36a010a7926f2f52539f70aed9002e7
http://security.ubuntu.com/ubuntu/pool/universe/e/emacs22/emacs22-gtk_22.1-0ubuntu5.1_sparc.deb
Size/MD5: 2048642 123992bee7c6d627f1b556dc3d5668f5
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
--
ubuntu-security-announce mailing list
ubuntu-security-announce@...ts.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Powered by blists - more mailing lists