Message-Id: <E1O4DQn-0005rm-4k@titan.mandriva.com>
Date: Tue, 20 Apr 2010 15:24:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:083 ] emacs


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:083
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : emacs
 Date    : April 20, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in emacs:
 
 lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to
 read, modify, or delete arbitrary mailbox files via a symlink attack,
 related to improper file-permission checks (CVE-2010-0825).
 
 Packages for 2008.0 and 2009.0 are provided due to the Extended
 Maintenance Program for those products.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0825
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLzXoWmqjQ0CJFipgRAgQ5AJ9Y6hLXe8ZEaWTe+EAkKK7yI4bRfQCdGCuX
231M6dHiA6lMkbnC4kxHbwY=
=MzZZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
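
The advisory describes the movemail flaw only as a symlink attack related to improper file-permission checks. As a defensive illustration added here (not the emacs patch and not Mandriva's code), the sketch below shows one common way for a privileged mail helper to avoid that class of bug: refuse a symlink at open time, then make the permission decision on the opened descriptor instead of the path. The helper name `open_mailbox_checked`, its ownership policy and the temporary file names are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from emacs): open a mailbox on behalf of `owner`
 * without following a symlink in the final path component, then validate
 * the object that was actually opened. Returns an fd, or -1 with errno set. */
int open_mailbox_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if the last component is a symlink.
     * O_NONBLOCK: do not hang if a FIFO was planted at the path. */
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() describes the opened inode, so the check cannot be raced
     * by swapping the path between "check" and "use". */
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)      /* regular files only */
        || st.st_uid != owner     /* must belong to the requesting user */
        || st.st_nlink != 1) {    /* reject hard links to other files */
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check: returns 1 when the real file opens and a
 * symlink pointing at it is refused with ELOOP. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/mboxdemoXXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/inbox", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(real, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || symlink(real, lnk) != 0) return -1;
    close(fd);
    int direct = open_mailbox_checked(real, geteuid());
    int via_link = open_mailbox_checked(lnk, geteuid());
    int link_errno = errno;
    if (direct >= 0) close(direct);
    unlink(lnk); unlink(real); rmdir(dir);
    return direct >= 0 && via_link == -1 && link_errno == ELOOP;
}
```

`O_NOFOLLOW` covers only the final path component, so the directories leading to the mailbox must not be writable by untrusted users.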
