[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JtVYq-0007AF-BU@titan.mandriva.com>
Date: Tue, 06 May 2008 16:23:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:096 ] - Updated emacs packages fix
vulnerability in vcdiff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:096
http://www.mandriva.com/security/
_______________________________________________________________________
Package : emacs
Date : May 6, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Steve Grubb found that the vcdiff script in Emacs create temporary
files insecurely when used with SCCS. A local user could exploit a
race condition to create or overwrite files with the privileges of
the user invoking the program (CVE-2008-1694).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
860acff5c4b9ab1c1eaf0acef4fba66b 2007.1/i586/emacs-21.4-26.3mdv2007.1.i586.rpm
c6234d6a7df7d8055ee1e0564d69d887 2007.1/i586/emacs-doc-21.4-26.3mdv2007.1.i586.rpm
314161c6971dcb7cb9b74a79d1824817 2007.1/i586/emacs-el-21.4-26.3mdv2007.1.i586.rpm
2359d69f340ffa74497d41f323431cf1 2007.1/i586/emacs-leim-21.4-26.3mdv2007.1.i586.rpm
07e1609387915960408eb3c53c4e0523 2007.1/i586/emacs-nox-21.4-26.3mdv2007.1.i586.rpm
70f6305375ed24d4187697e70244d47d 2007.1/i586/emacs-X11-21.4-26.3mdv2007.1.i586.rpm
71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
7cbf1f306944e9fc743d17eac9a690e3 2007.1/x86_64/emacs-21.4-26.3mdv2007.1.x86_64.rpm
a1665ec7e029414dce426d6a0d8860b2 2007.1/x86_64/emacs-doc-21.4-26.3mdv2007.1.x86_64.rpm
f5e8f8c007cf6b75eaa82a90c92dcfdb 2007.1/x86_64/emacs-el-21.4-26.3mdv2007.1.x86_64.rpm
7218cb8a51fde73651861426520489f3 2007.1/x86_64/emacs-leim-21.4-26.3mdv2007.1.x86_64.rpm
0511da9605eebab1758384fab2109609 2007.1/x86_64/emacs-nox-21.4-26.3mdv2007.1.x86_64.rpm
9fe75d9966416762cea8e883390920e8 2007.1/x86_64/emacs-X11-21.4-26.3mdv2007.1.x86_64.rpm
71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
c9ba30c103c33e130f5b681d78c8699a 2008.0/i586/emacs-22.1-5.2mdv2008.0.i586.rpm
32bd11050ddacc1ec95e9065cb780e65 2008.0/i586/emacs-common-22.1-5.2mdv2008.0.i586.rpm
9af474b1531f49e224e87d26622bad07 2008.0/i586/emacs-doc-22.1-5.2mdv2008.0.i586.rpm
1f083e4597b6d020e607c7ece58d77de 2008.0/i586/emacs-el-22.1-5.2mdv2008.0.i586.rpm
072eeb95d628132f2fec9221b8ac189f 2008.0/i586/emacs-gtk-22.1-5.2mdv2008.0.i586.rpm
31e7d065766e842bc9cf3c63e4542a10 2008.0/i586/emacs-leim-22.1-5.2mdv2008.0.i586.rpm
345f0b210b4bcb683743d3b0f1cba400 2008.0/i586/emacs-nox-22.1-5.2mdv2008.0.i586.rpm
906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
91d12df0967e218bb45b501331809938 2008.0/x86_64/emacs-22.1-5.2mdv2008.0.x86_64.rpm
4db1ac1b2c134d6213d62f470c71ac14 2008.0/x86_64/emacs-common-22.1-5.2mdv2008.0.x86_64.rpm
4add93abb0f2b7cc35099ec213adba7b 2008.0/x86_64/emacs-doc-22.1-5.2mdv2008.0.x86_64.rpm
83faecb5f1d71c08c21d8273b514ee4a 2008.0/x86_64/emacs-el-22.1-5.2mdv2008.0.x86_64.rpm
b23989605afbabd02c492678d3c605ec 2008.0/x86_64/emacs-gtk-22.1-5.2mdv2008.0.x86_64.rpm
0b7e8171ae8a9172ca13f2ef45f50735 2008.0/x86_64/emacs-leim-22.1-5.2mdv2008.0.x86_64.rpm
6307e2d6dc2cc98149889c2dc1c24445 2008.0/x86_64/emacs-nox-22.1-5.2mdv2008.0.x86_64.rpm
906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
647b6641b52789efbd0f85ea3ae387b1 2008.1/i586/emacs-22.1-7.1mdv2008.1.i586.rpm
84d1ee873a006081bf3ed4745ff13878 2008.1/i586/emacs-common-22.1-7.1mdv2008.1.i586.rpm
b247778379c2951a47e1782db642aebd 2008.1/i586/emacs-doc-22.1-7.1mdv2008.1.i586.rpm
19fbe6b0cfc7e21dd2dcccb0e6fb7196 2008.1/i586/emacs-el-22.1-7.1mdv2008.1.i586.rpm
c1865d49ae83ea15a67b4552f495062f 2008.1/i586/emacs-gtk-22.1-7.1mdv2008.1.i586.rpm
f8fd80661b9f9cef08cbfedec671cfdc 2008.1/i586/emacs-leim-22.1-7.1mdv2008.1.i586.rpm
927a81595e5eb745413abcc3bca8917e 2008.1/i586/emacs-nox-22.1-7.1mdv2008.1.i586.rpm
e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
37a105e997167f86a702dc5c659f590a 2008.1/x86_64/emacs-22.1-7.1mdv2008.1.x86_64.rpm
d7f4640c1cc272af0b7de8c698348490 2008.1/x86_64/emacs-common-22.1-7.1mdv2008.1.x86_64.rpm
4ecd2e3093d92d002563e4f11ede8eea 2008.1/x86_64/emacs-doc-22.1-7.1mdv2008.1.x86_64.rpm
7b868b093f3b7715d2629b2eb769bcbc 2008.1/x86_64/emacs-el-22.1-7.1mdv2008.1.x86_64.rpm
e89feeb2922c69c99cc80b755f280bb7 2008.1/x86_64/emacs-gtk-22.1-7.1mdv2008.1.x86_64.rpm
ca1bd2740a25f3bd8714ce61069a9352 2008.1/x86_64/emacs-leim-22.1-7.1mdv2008.1.x86_64.rpm
72a3860bd489a6d7bb6738622cd59472 2008.1/x86_64/emacs-nox-22.1-7.1mdv2008.1.x86_64.rpm
e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm
Corporate 3.0:
5938a7176748d2c054aee8cc26fe99a9 corporate/3.0/i586/emacs-21.3-9.4.C30mdk.i586.rpm
f4ba9961d6ab3a13dcfed2f500dc1b64 corporate/3.0/i586/emacs-el-21.3-9.4.C30mdk.i586.rpm
46035ccd6b40df7b806b2fc7f5560eb3 corporate/3.0/i586/emacs-leim-21.3-9.4.C30mdk.i586.rpm
8dec136a6d4eec4045fa18f9102fb229 corporate/3.0/i586/emacs-nox-21.3-9.4.C30mdk.i586.rpm
b10cba863838d008b1183e09cae9c968 corporate/3.0/i586/emacs-X11-21.3-9.4.C30mdk.i586.rpm
2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
66e934780af0a4cc559c4d919f59b58b corporate/3.0/x86_64/emacs-21.3-9.4.C30mdk.x86_64.rpm
33ef8e10456ca3d79a8b6cb272095151 corporate/3.0/x86_64/emacs-el-21.3-9.4.C30mdk.x86_64.rpm
71a2b73b95e5d53fe0d848f2143ca1ca corporate/3.0/x86_64/emacs-leim-21.3-9.4.C30mdk.x86_64.rpm
cf2c1f53dd531d8713fe002749892ae1 corporate/3.0/x86_64/emacs-nox-21.3-9.4.C30mdk.x86_64.rpm
79e696a60033b3b2471ba833423323e8 corporate/3.0/x86_64/emacs-X11-21.3-9.4.C30mdk.x86_64.rpm
2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm
Corporate 4.0:
45676adfed25e12b9715885833fcb187 corporate/4.0/i586/emacs-21.4-20.3.20060mlcs4.i586.rpm
e90636e8acbb136d88d3d43a488f8da8 corporate/4.0/i586/emacs-doc-21.4-20.3.20060mlcs4.i586.rpm
b4853627d21efb6b7ca84d726528eaa5 corporate/4.0/i586/emacs-el-21.4-20.3.20060mlcs4.i586.rpm
1e155750aca968a44604096411e7af48 corporate/4.0/i586/emacs-leim-21.4-20.3.20060mlcs4.i586.rpm
7baf91055dd648878f27a2f9c6cfb830 corporate/4.0/i586/emacs-nox-21.4-20.3.20060mlcs4.i586.rpm
2910ce2399015e5d994a947ea8590c2b corporate/4.0/i586/emacs-X11-21.4-20.3.20060mlcs4.i586.rpm
97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
abd961b76638d924830a1dd8ad042373 corporate/4.0/x86_64/emacs-21.4-20.3.20060mlcs4.x86_64.rpm
892208a32b3fa46b943a7c2b37636d1a corporate/4.0/x86_64/emacs-doc-21.4-20.3.20060mlcs4.x86_64.rpm
3f6059bd8402868f58661b2ef90b4124 corporate/4.0/x86_64/emacs-el-21.4-20.3.20060mlcs4.x86_64.rpm
a1707e8d3435c141db73e04458f0e3d6 corporate/4.0/x86_64/emacs-leim-21.4-20.3.20060mlcs4.x86_64.rpm
0535a66c3c41e0fb53ea0ffb448a1f0d corporate/4.0/x86_64/emacs-nox-21.4-20.3.20060mlcs4.x86_64.rpm
13f4349cafa04f5e21fdfb71132454cf corporate/4.0/x86_64/emacs-X11-21.4-20.3.20060mlcs4.x86_64.rpm
97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIIK55mqjQ0CJFipgRAq+ZAJ0fW67aU94XKpMZrLm/p9A742wXeACgx8ko
aq13NQvRnmbkA3V4P8brgk4=
=Semw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists