[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JMGg2-0006cD-AZ@artemis.annvix.ca>
Date: Mon, 04 Feb 2008 22:49:02 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:034 ] - Updated emacs packages fix
vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:034
http://www.mandriva.com/security/
_______________________________________________________________________
Package : emacs
Date : February 4, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
The hack-local-variable function in Emacs 22 prior to version 22.2,
when enable-local-variables is set to ':safe', did not properly search
lists of unsafe or risky variables, which could allow user-assisted
attackers to bypass intended restrictions and modify critical
program variables via a file containing a Local variables declaration
(CVE-2007-5795; only affects Mandriva Linux 2008.0).
A stack-based buffer overflow in emacs could allow user-assisted
attackers to cause an application crash or possibly have other
unspecified impacts via a large precision value in an integer format
string specifier to the format function (CVE-2007-6109).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
f21e7e74502d46bc080f4a48080c574a 2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm
a73d62aee609e6be32937b681780a0b6 2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm
589a15364fb4cfbf12e8e47b7104a7fa 2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm
2253dd2b8b5aa563add08e7350a65f44 2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm
919175eea98794b2a4ea7b3626119a8a 2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm
a8c1c605bd854db7637b8318f7b5c7f5 2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm
58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
a6ff38fc50ebb49e211bc5cf10231e01 2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm
d8bc4c5f8663c2c4e3fef168db4f16b9 2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm
c5c6dd9d95905c838ca6d731f208f67e 2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm
a5ae4708158e52a3de4bdeb3e3c203fc 2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm
0ef28ab5726ae394499645062c633602 2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm
e90514c50fd5cef37dc59a27b705d13c 2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm
58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
bacb82a95ab9babc66aa7a46e6b4dc82 2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm
954785ebcf994cea467008606ceb7865 2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm
77e9d3072e695b29d07ebac0f40fd262 2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm
880b385fea1eb26b5bac57427c86ba08 2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm
4f2e9e2a7a5099f4de32c53822cf736a 2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm
bb2fce94cb107de86bff7b0727be023c 2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm
93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
8285245a590680e2cee5520e4a627703 2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm
bc97da27f378af323630a2f318c24155 2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm
306c2ea8ecc96094195ed970e6648245 2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm
4dddafd86ec989b8329062c44a909a9c 2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm
024fed6e709952488ef2d6ed0397de9d 2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm
c096d01ea9be0779f46d8a1474d5318f 2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm
93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
e6dd6abf0cb27d303b22e80d1091bd1e 2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm
4dfa152d8998fc5c8fe78e3cbaf125f6 2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm
ff9cc6e64a7142198b49f551944f7357 2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm
25af5a88aacdbaa419a67d4adf125589 2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm
dd847a0b9e3eb8cd59d69dc365320ff1 2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm
3592f389b333475fa94cb4dc84cde8be 2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm
0fb982382245c7858def3f788820cdac 2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm
fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
551b608acfd97bd227f3d3c8b5b6f155 2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm
88e56aabb7dd52cdc9fd813ecc376c12 2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm
6f1a0ffb0600cf3e076257f0972793a9 2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm
f6a8a3d45feb6d04e66fc5ffd4eb2067 2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm
0377fec7fb8f09dfd84db6fa6de6ff0a 2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm
f914847423ed5c5fa217f77c19d0b312 2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm
f834fbcb86b540946dbbb7fd68ef97d8 2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm
fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm
Corporate 3.0:
846bc555f6e24843329bc971a0d86e7d corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm
e5f5a7c2885801f69284d2cf83cc7657 corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm
fbd6b3dcdbe55b8f6a238c6c28c819ac corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm
920d56462f970bd5228a3a9729ec149c corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm
9a762f39fda7e8af966f2d8580ff561d corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm
adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
91a59e872e88638df84b32cd7cdb7fe4 corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm
a4ccc81d17b1397d5fdec6eb6e2ddad9 corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm
4f08fc2400cc2ef9ed3d2970f3324ffe corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm
d77294d54d8908cf3016cd7f1cafe1ea corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm
7eba0bf35e01c4a6e1018a8cb5225115 corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm
adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm
Corporate 4.0:
ce19613054ce62dd96433b01b91258b1 corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm
b67b18e5f5fccbb9c4012f49f31325f0 corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm
146214a37b174b2b59d7e883bb29802f corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm
0bf2f09a9a5a0b02c0f9600e34ba9f84 corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm
92cd0e9c3bfa881f0303810d6e9e8cbf corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm
7a75213230a1f3a905ee91d588b6cd08 corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm
af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
173a3addd59c8706d407be4926712920 corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm
a445eb2f6c731ac7b11da483d533911a corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm
46385585ed5da20703584623f862c8eb corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm
32a6678ddee851f69d541cfafa3e101e corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm
980dce6cf406dac7c3ee1d89073c6d91 corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm
5814b72ab37b9bdd8ea2b58de765ebad corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm
af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHp8z7mqjQ0CJFipgRAtNtAJ9/AC9geA+QIBE3TM0v+IwziIfOWgCfdVRj
RD8hy/qUWC+OatCCbnurL+I=
=3oy6
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists