<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:034 ] - Updated emacs packages fix vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:034
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : emacs
 Date    : February 4, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The hack-local-variable function in Emacs 22 prior to version 22.2,
 when enable-local-variables is set to ':safe', did not properly search
 lists of unsafe or risky variables, which could allow user-assisted
 attackers to bypass intended restrictions and modify critical
 program variables via a file containing a Local variables declaration
 (CVE-2007-5795; only affects Mandriva Linux 2008.0).
 
 A stack-based buffer overflow in emacs could allow user-assisted
 attackers to cause an application crash or possibly have other
 unspecified impacts via a large precision value in an integer format
 string specifier to the format function (CVE-2007-6109).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 f21e7e74502d46bc080f4a48080c574a  2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm
 a73d62aee609e6be32937b681780a0b6  
2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm
 589a15364fb4cfbf12e8e47b7104a7fa  
2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm
 2253dd2b8b5aa563add08e7350a65f44  
2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm
 919175eea98794b2a4ea7b3626119a8a  
2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm
 a8c1c605bd854db7637b8318f7b5c7f5  
2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 a6ff38fc50ebb49e211bc5cf10231e01  
2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm
 d8bc4c5f8663c2c4e3fef168db4f16b9  
2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm
 c5c6dd9d95905c838ca6d731f208f67e  
2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm
 a5ae4708158e52a3de4bdeb3e3c203fc  
2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm
 0ef28ab5726ae394499645062c633602  
2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm
 e90514c50fd5cef37dc59a27b705d13c  
2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm 
 58b7e26033084006cda510468ebc75ac  2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 bacb82a95ab9babc66aa7a46e6b4dc82  2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm
 954785ebcf994cea467008606ceb7865  
2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm
 77e9d3072e695b29d07ebac0f40fd262  
2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm
 880b385fea1eb26b5bac57427c86ba08  
2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm
 4f2e9e2a7a5099f4de32c53822cf736a  
2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm
 bb2fce94cb107de86bff7b0727be023c  
2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 8285245a590680e2cee5520e4a627703  
2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm
 bc97da27f378af323630a2f318c24155  
2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm
 306c2ea8ecc96094195ed970e6648245  
2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm
 4dddafd86ec989b8329062c44a909a9c  
2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm
 024fed6e709952488ef2d6ed0397de9d  
2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm
 c096d01ea9be0779f46d8a1474d5318f  
2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm 
 93460555120ee14779b4090ab77425a4  2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e6dd6abf0cb27d303b22e80d1091bd1e  2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm
 4dfa152d8998fc5c8fe78e3cbaf125f6  
2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm
 ff9cc6e64a7142198b49f551944f7357  
2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm
 25af5a88aacdbaa419a67d4adf125589  
2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm
 dd847a0b9e3eb8cd59d69dc365320ff1  
2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm
 3592f389b333475fa94cb4dc84cde8be  
2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm
 0fb982382245c7858def3f788820cdac  
2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 551b608acfd97bd227f3d3c8b5b6f155  
2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm
 88e56aabb7dd52cdc9fd813ecc376c12  
2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm
 6f1a0ffb0600cf3e076257f0972793a9  
2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm
 f6a8a3d45feb6d04e66fc5ffd4eb2067  
2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm
 0377fec7fb8f09dfd84db6fa6de6ff0a  
2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm
 f914847423ed5c5fa217f77c19d0b312  
2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm
 f834fbcb86b540946dbbb7fd68ef97d8  
2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm 
 fc5ae7001cfd746c5eedcb7172a0445c  2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm

 Corporate 3.0:
 846bc555f6e24843329bc971a0d86e7d  
corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm
 e5f5a7c2885801f69284d2cf83cc7657  
corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm
 fbd6b3dcdbe55b8f6a238c6c28c819ac  
corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm
 920d56462f970bd5228a3a9729ec149c  
corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm
 9a762f39fda7e8af966f2d8580ff561d  
corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm 
 adc16c5f9ad32295db6ea036101069e2  
corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 91a59e872e88638df84b32cd7cdb7fe4  
corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm
 a4ccc81d17b1397d5fdec6eb6e2ddad9  
corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm
 4f08fc2400cc2ef9ed3d2970f3324ffe  
corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm
 d77294d54d8908cf3016cd7f1cafe1ea  
corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm
 7eba0bf35e01c4a6e1018a8cb5225115  
corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm 
 adc16c5f9ad32295db6ea036101069e2  
corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm

 Corporate 4.0:
 ce19613054ce62dd96433b01b91258b1  
corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm
 b67b18e5f5fccbb9c4012f49f31325f0  
corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm
 146214a37b174b2b59d7e883bb29802f  
corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm
 0bf2f09a9a5a0b02c0f9600e34ba9f84  
corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm
 92cd0e9c3bfa881f0303810d6e9e8cbf  
corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm
 7a75213230a1f3a905ee91d588b6cd08  
corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm 
 af9fa010f39b56f24803926854f0595e  
corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 173a3addd59c8706d407be4926712920  
corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm
 a445eb2f6c731ac7b11da483d533911a  
corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm
 46385585ed5da20703584623f862c8eb  
corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm
 32a6678ddee851f69d541cfafa3e101e  
corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm
 980dce6cf406dac7c3ee1d89073c6d91  
corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm
 5814b72ab37b9bdd8ea2b58de765ebad  
corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm 
 af9fa010f39b56f24803926854f0595e  
corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHp8z7mqjQ0CJFipgRAtNtAJ9/AC9geA+QIBE3TM0v+IwziIfOWgCfdVRj
RD8hy/qUWC+OatCCbnurL+I=
=3oy6
-----END PGP SIGNATURE-----