| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 06 May 2008 16:23:00 -0600 From: security@...driva.com To: full-disclosure@...ts.grok.org.uk Subject: [ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:096 http://www.mandriva.com/security/ _______________________________________________________________________ Package : emacs Date : May 6, 2008 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program (CVE-2008-1694). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 860acff5c4b9ab1c1eaf0acef4fba66b 2007.1/i586/emacs-21.4-26.3mdv2007.1.i586.rpm c6234d6a7df7d8055ee1e0564d69d887 2007.1/i586/emacs-doc-21.4-26.3mdv2007.1.i586.rpm 314161c6971dcb7cb9b74a79d1824817 2007.1/i586/emacs-el-21.4-26.3mdv2007.1.i586.rpm 2359d69f340ffa74497d41f323431cf1 2007.1/i586/emacs-leim-21.4-26.3mdv2007.1.i586.rpm 07e1609387915960408eb3c53c4e0523 2007.1/i586/emacs-nox-21.4-26.3mdv2007.1.i586.rpm 70f6305375ed24d4187697e70244d47d 2007.1/i586/emacs-X11-21.4-26.3mdv2007.1.i586.rpm 71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 7cbf1f306944e9fc743d17eac9a690e3 2007.1/x86_64/emacs-21.4-26.3mdv2007.1.x86_64.rpm a1665ec7e029414dce426d6a0d8860b2 2007.1/x86_64/emacs-doc-21.4-26.3mdv2007.1.x86_64.rpm f5e8f8c007cf6b75eaa82a90c92dcfdb 2007.1/x86_64/emacs-el-21.4-26.3mdv2007.1.x86_64.rpm 7218cb8a51fde73651861426520489f3 2007.1/x86_64/emacs-leim-21.4-26.3mdv2007.1.x86_64.rpm 0511da9605eebab1758384fab2109609 2007.1/x86_64/emacs-nox-21.4-26.3mdv2007.1.x86_64.rpm 9fe75d9966416762cea8e883390920e8 2007.1/x86_64/emacs-X11-21.4-26.3mdv2007.1.x86_64.rpm 71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm Mandriva Linux 2008.0: c9ba30c103c33e130f5b681d78c8699a 2008.0/i586/emacs-22.1-5.2mdv2008.0.i586.rpm 32bd11050ddacc1ec95e9065cb780e65 2008.0/i586/emacs-common-22.1-5.2mdv2008.0.i586.rpm 9af474b1531f49e224e87d26622bad07 2008.0/i586/emacs-doc-22.1-5.2mdv2008.0.i586.rpm 1f083e4597b6d020e607c7ece58d77de 2008.0/i586/emacs-el-22.1-5.2mdv2008.0.i586.rpm 072eeb95d628132f2fec9221b8ac189f 2008.0/i586/emacs-gtk-22.1-5.2mdv2008.0.i586.rpm 31e7d065766e842bc9cf3c63e4542a10 2008.0/i586/emacs-leim-22.1-5.2mdv2008.0.i586.rpm 345f0b210b4bcb683743d3b0f1cba400 2008.0/i586/emacs-nox-22.1-5.2mdv2008.0.i586.rpm 906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 91d12df0967e218bb45b501331809938 2008.0/x86_64/emacs-22.1-5.2mdv2008.0.x86_64.rpm 4db1ac1b2c134d6213d62f470c71ac14 2008.0/x86_64/emacs-common-22.1-5.2mdv2008.0.x86_64.rpm 4add93abb0f2b7cc35099ec213adba7b 2008.0/x86_64/emacs-doc-22.1-5.2mdv2008.0.x86_64.rpm 83faecb5f1d71c08c21d8273b514ee4a 2008.0/x86_64/emacs-el-22.1-5.2mdv2008.0.x86_64.rpm b23989605afbabd02c492678d3c605ec 2008.0/x86_64/emacs-gtk-22.1-5.2mdv2008.0.x86_64.rpm 0b7e8171ae8a9172ca13f2ef45f50735 2008.0/x86_64/emacs-leim-22.1-5.2mdv2008.0.x86_64.rpm 6307e2d6dc2cc98149889c2dc1c24445 2008.0/x86_64/emacs-nox-22.1-5.2mdv2008.0.x86_64.rpm 906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 647b6641b52789efbd0f85ea3ae387b1 2008.1/i586/emacs-22.1-7.1mdv2008.1.i586.rpm 84d1ee873a006081bf3ed4745ff13878 2008.1/i586/emacs-common-22.1-7.1mdv2008.1.i586.rpm b247778379c2951a47e1782db642aebd 2008.1/i586/emacs-doc-22.1-7.1mdv2008.1.i586.rpm 19fbe6b0cfc7e21dd2dcccb0e6fb7196 2008.1/i586/emacs-el-22.1-7.1mdv2008.1.i586.rpm c1865d49ae83ea15a67b4552f495062f 2008.1/i586/emacs-gtk-22.1-7.1mdv2008.1.i586.rpm f8fd80661b9f9cef08cbfedec671cfdc 2008.1/i586/emacs-leim-22.1-7.1mdv2008.1.i586.rpm 927a81595e5eb745413abcc3bca8917e 2008.1/i586/emacs-nox-22.1-7.1mdv2008.1.i586.rpm e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 37a105e997167f86a702dc5c659f590a 2008.1/x86_64/emacs-22.1-7.1mdv2008.1.x86_64.rpm d7f4640c1cc272af0b7de8c698348490 2008.1/x86_64/emacs-common-22.1-7.1mdv2008.1.x86_64.rpm 4ecd2e3093d92d002563e4f11ede8eea 2008.1/x86_64/emacs-doc-22.1-7.1mdv2008.1.x86_64.rpm 7b868b093f3b7715d2629b2eb769bcbc 2008.1/x86_64/emacs-el-22.1-7.1mdv2008.1.x86_64.rpm e89feeb2922c69c99cc80b755f280bb7 2008.1/x86_64/emacs-gtk-22.1-7.1mdv2008.1.x86_64.rpm ca1bd2740a25f3bd8714ce61069a9352 2008.1/x86_64/emacs-leim-22.1-7.1mdv2008.1.x86_64.rpm 72a3860bd489a6d7bb6738622cd59472 2008.1/x86_64/emacs-nox-22.1-7.1mdv2008.1.x86_64.rpm e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm Corporate 3.0: 5938a7176748d2c054aee8cc26fe99a9 corporate/3.0/i586/emacs-21.3-9.4.C30mdk.i586.rpm f4ba9961d6ab3a13dcfed2f500dc1b64 corporate/3.0/i586/emacs-el-21.3-9.4.C30mdk.i586.rpm 46035ccd6b40df7b806b2fc7f5560eb3 corporate/3.0/i586/emacs-leim-21.3-9.4.C30mdk.i586.rpm 8dec136a6d4eec4045fa18f9102fb229 corporate/3.0/i586/emacs-nox-21.3-9.4.C30mdk.i586.rpm b10cba863838d008b1183e09cae9c968 corporate/3.0/i586/emacs-X11-21.3-9.4.C30mdk.i586.rpm 2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm Corporate 3.0/X86_64: 66e934780af0a4cc559c4d919f59b58b corporate/3.0/x86_64/emacs-21.3-9.4.C30mdk.x86_64.rpm 33ef8e10456ca3d79a8b6cb272095151 corporate/3.0/x86_64/emacs-el-21.3-9.4.C30mdk.x86_64.rpm 71a2b73b95e5d53fe0d848f2143ca1ca corporate/3.0/x86_64/emacs-leim-21.3-9.4.C30mdk.x86_64.rpm cf2c1f53dd531d8713fe002749892ae1 corporate/3.0/x86_64/emacs-nox-21.3-9.4.C30mdk.x86_64.rpm 79e696a60033b3b2471ba833423323e8 corporate/3.0/x86_64/emacs-X11-21.3-9.4.C30mdk.x86_64.rpm 2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm Corporate 4.0: 45676adfed25e12b9715885833fcb187 corporate/4.0/i586/emacs-21.4-20.3.20060mlcs4.i586.rpm e90636e8acbb136d88d3d43a488f8da8 corporate/4.0/i586/emacs-doc-21.4-20.3.20060mlcs4.i586.rpm b4853627d21efb6b7ca84d726528eaa5 corporate/4.0/i586/emacs-el-21.4-20.3.20060mlcs4.i586.rpm 1e155750aca968a44604096411e7af48 corporate/4.0/i586/emacs-leim-21.4-20.3.20060mlcs4.i586.rpm 7baf91055dd648878f27a2f9c6cfb830 corporate/4.0/i586/emacs-nox-21.4-20.3.20060mlcs4.i586.rpm 2910ce2399015e5d994a947ea8590c2b corporate/4.0/i586/emacs-X11-21.4-20.3.20060mlcs4.i586.rpm 97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: abd961b76638d924830a1dd8ad042373 corporate/4.0/x86_64/emacs-21.4-20.3.20060mlcs4.x86_64.rpm 892208a32b3fa46b943a7c2b37636d1a corporate/4.0/x86_64/emacs-doc-21.4-20.3.20060mlcs4.x86_64.rpm 3f6059bd8402868f58661b2ef90b4124 corporate/4.0/x86_64/emacs-el-21.4-20.3.20060mlcs4.x86_64.rpm a1707e8d3435c141db73e04458f0e3d6 corporate/4.0/x86_64/emacs-leim-21.4-20.3.20060mlcs4.x86_64.rpm 0535a66c3c41e0fb53ea0ffb448a1f0d corporate/4.0/x86_64/emacs-nox-21.4-20.3.20060mlcs4.x86_64.rpm 13f4349cafa04f5e21fdfb71132454cf corporate/4.0/x86_64/emacs-X11-21.4-20.3.20060mlcs4.x86_64.rpm 97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFIIK55mqjQ0CJFipgRAq+ZAJ0fW67aU94XKpMZrLm/p9A742wXeACgx8ko aq13NQvRnmbkA3V4P8brgk4= =Semw -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists