Message-Id: <E1O4DQn-0005rm-4k@titan.mandriva.com>
Date: Tue, 20 Apr 2010 15:24:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:083 ] emacs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:083
http://www.mandriva.com/security/
_______________________________________________________________________
Package : emacs
Date : April 20, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in emacs:
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to
read, modify, or delete arbitrary mailbox files via a symlink attack,
related to improper file-permission checks (CVE-2010-0825).
Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0825
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLzXoWmqjQ0CJFipgRAgQ5AJ9Y6hLXe8ZEaWTe+EAkKK7yI4bRfQCdGCuX
231M6dHiA6lMkbnC4kxHbwY=
=MzZZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
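
The problem class named in the advisory above (a symlink attack made possible by improper file-permission checks), shown as an added C example; it is not movemail's code and not Mandriva's patch. A helper that may hold extra privileges opens the mailbox without following a symlink and then checks ownership on the open descriptor. `open_owned_mailbox` and `demo` are hypothetical names, and the temporary file and link are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not movemail's code): open a mailbox on behalf of
   `uid` from a process that may hold extra privileges. */
int open_owned_mailbox(const char *path, uid_t uid)
{
    struct stat st;
    /* O_NOFOLLOW: a symlink as the final path component fails with ELOOP.
       O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the object actually opened, not the name, so nothing can be
       swapped in between the check and the use. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != uid || st.st_nlink != 1) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a regular file plus a symlink pointing at it.
   Returns 0 when only the owner's direct open is accepted. */
int demo(void)
{
    char file[] = "/tmp/mboxXXXXXX", lnk[64];
    int fd = mkstemp(file), ok, e_link, e_uid;
    if (fd < 0) return -1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    if (symlink(file, lnk) != 0) { unlink(file); return -1; }
    fd = open_owned_mailbox(file, geteuid());          /* owner, real file */
    ok = fd >= 0;
    if (ok) close(fd);
    e_link = open_owned_mailbox(lnk, geteuid()) < 0 ? errno : 0;
    e_uid = open_owned_mailbox(file, geteuid() + 1) < 0 ? errno : 0;
    unlink(lnk); unlink(file);
    return (ok && e_link == ELOOP && e_uid == EACCES) ? 0 : 1;
}

int main(void) { return demo(); }
```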