<<< Date Index >>>     <<< Thread Index >>>

[ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:096
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : emacs
 Date    : May 6, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Steve Grubb found that the vcdiff script in Emacs create temporary
 files insecurely when used with SCCS.  A local user could exploit a
 race condition to create or overwrite files with the privileges of
 the user invoking the program (CVE-2008-1694).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 860acff5c4b9ab1c1eaf0acef4fba66b  2007.1/i586/emacs-21.4-26.3mdv2007.1.i586.rpm
 c6234d6a7df7d8055ee1e0564d69d887  
2007.1/i586/emacs-doc-21.4-26.3mdv2007.1.i586.rpm
 314161c6971dcb7cb9b74a79d1824817  
2007.1/i586/emacs-el-21.4-26.3mdv2007.1.i586.rpm
 2359d69f340ffa74497d41f323431cf1  
2007.1/i586/emacs-leim-21.4-26.3mdv2007.1.i586.rpm
 07e1609387915960408eb3c53c4e0523  
2007.1/i586/emacs-nox-21.4-26.3mdv2007.1.i586.rpm
 70f6305375ed24d4187697e70244d47d  
2007.1/i586/emacs-X11-21.4-26.3mdv2007.1.i586.rpm 
 71055474f01d831c92ffad69e2124b0c  2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 7cbf1f306944e9fc743d17eac9a690e3  
2007.1/x86_64/emacs-21.4-26.3mdv2007.1.x86_64.rpm
 a1665ec7e029414dce426d6a0d8860b2  
2007.1/x86_64/emacs-doc-21.4-26.3mdv2007.1.x86_64.rpm
 f5e8f8c007cf6b75eaa82a90c92dcfdb  
2007.1/x86_64/emacs-el-21.4-26.3mdv2007.1.x86_64.rpm
 7218cb8a51fde73651861426520489f3  
2007.1/x86_64/emacs-leim-21.4-26.3mdv2007.1.x86_64.rpm
 0511da9605eebab1758384fab2109609  
2007.1/x86_64/emacs-nox-21.4-26.3mdv2007.1.x86_64.rpm
 9fe75d9966416762cea8e883390920e8  
2007.1/x86_64/emacs-X11-21.4-26.3mdv2007.1.x86_64.rpm 
 71055474f01d831c92ffad69e2124b0c  2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 c9ba30c103c33e130f5b681d78c8699a  2008.0/i586/emacs-22.1-5.2mdv2008.0.i586.rpm
 32bd11050ddacc1ec95e9065cb780e65  
2008.0/i586/emacs-common-22.1-5.2mdv2008.0.i586.rpm
 9af474b1531f49e224e87d26622bad07  
2008.0/i586/emacs-doc-22.1-5.2mdv2008.0.i586.rpm
 1f083e4597b6d020e607c7ece58d77de  
2008.0/i586/emacs-el-22.1-5.2mdv2008.0.i586.rpm
 072eeb95d628132f2fec9221b8ac189f  
2008.0/i586/emacs-gtk-22.1-5.2mdv2008.0.i586.rpm
 31e7d065766e842bc9cf3c63e4542a10  
2008.0/i586/emacs-leim-22.1-5.2mdv2008.0.i586.rpm
 345f0b210b4bcb683743d3b0f1cba400  
2008.0/i586/emacs-nox-22.1-5.2mdv2008.0.i586.rpm 
 906b7f584b107ba2b2a841466c0cec2b  2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 91d12df0967e218bb45b501331809938  
2008.0/x86_64/emacs-22.1-5.2mdv2008.0.x86_64.rpm
 4db1ac1b2c134d6213d62f470c71ac14  
2008.0/x86_64/emacs-common-22.1-5.2mdv2008.0.x86_64.rpm
 4add93abb0f2b7cc35099ec213adba7b  
2008.0/x86_64/emacs-doc-22.1-5.2mdv2008.0.x86_64.rpm
 83faecb5f1d71c08c21d8273b514ee4a  
2008.0/x86_64/emacs-el-22.1-5.2mdv2008.0.x86_64.rpm
 b23989605afbabd02c492678d3c605ec  
2008.0/x86_64/emacs-gtk-22.1-5.2mdv2008.0.x86_64.rpm
 0b7e8171ae8a9172ca13f2ef45f50735  
2008.0/x86_64/emacs-leim-22.1-5.2mdv2008.0.x86_64.rpm
 6307e2d6dc2cc98149889c2dc1c24445  
2008.0/x86_64/emacs-nox-22.1-5.2mdv2008.0.x86_64.rpm 
 906b7f584b107ba2b2a841466c0cec2b  2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 647b6641b52789efbd0f85ea3ae387b1  2008.1/i586/emacs-22.1-7.1mdv2008.1.i586.rpm
 84d1ee873a006081bf3ed4745ff13878  
2008.1/i586/emacs-common-22.1-7.1mdv2008.1.i586.rpm
 b247778379c2951a47e1782db642aebd  
2008.1/i586/emacs-doc-22.1-7.1mdv2008.1.i586.rpm
 19fbe6b0cfc7e21dd2dcccb0e6fb7196  
2008.1/i586/emacs-el-22.1-7.1mdv2008.1.i586.rpm
 c1865d49ae83ea15a67b4552f495062f  
2008.1/i586/emacs-gtk-22.1-7.1mdv2008.1.i586.rpm
 f8fd80661b9f9cef08cbfedec671cfdc  
2008.1/i586/emacs-leim-22.1-7.1mdv2008.1.i586.rpm
 927a81595e5eb745413abcc3bca8917e  
2008.1/i586/emacs-nox-22.1-7.1mdv2008.1.i586.rpm 
 e0dc3a39c07232eb5c44775866843cad  2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 37a105e997167f86a702dc5c659f590a  
2008.1/x86_64/emacs-22.1-7.1mdv2008.1.x86_64.rpm
 d7f4640c1cc272af0b7de8c698348490  
2008.1/x86_64/emacs-common-22.1-7.1mdv2008.1.x86_64.rpm
 4ecd2e3093d92d002563e4f11ede8eea  
2008.1/x86_64/emacs-doc-22.1-7.1mdv2008.1.x86_64.rpm
 7b868b093f3b7715d2629b2eb769bcbc  
2008.1/x86_64/emacs-el-22.1-7.1mdv2008.1.x86_64.rpm
 e89feeb2922c69c99cc80b755f280bb7  
2008.1/x86_64/emacs-gtk-22.1-7.1mdv2008.1.x86_64.rpm
 ca1bd2740a25f3bd8714ce61069a9352  
2008.1/x86_64/emacs-leim-22.1-7.1mdv2008.1.x86_64.rpm
 72a3860bd489a6d7bb6738622cd59472  
2008.1/x86_64/emacs-nox-22.1-7.1mdv2008.1.x86_64.rpm 
 e0dc3a39c07232eb5c44775866843cad  2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm

 Corporate 3.0:
 5938a7176748d2c054aee8cc26fe99a9  
corporate/3.0/i586/emacs-21.3-9.4.C30mdk.i586.rpm
 f4ba9961d6ab3a13dcfed2f500dc1b64  
corporate/3.0/i586/emacs-el-21.3-9.4.C30mdk.i586.rpm
 46035ccd6b40df7b806b2fc7f5560eb3  
corporate/3.0/i586/emacs-leim-21.3-9.4.C30mdk.i586.rpm
 8dec136a6d4eec4045fa18f9102fb229  
corporate/3.0/i586/emacs-nox-21.3-9.4.C30mdk.i586.rpm
 b10cba863838d008b1183e09cae9c968  
corporate/3.0/i586/emacs-X11-21.3-9.4.C30mdk.i586.rpm 
 2a6677d86907231c0ba59f6065864ee2  
corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 66e934780af0a4cc559c4d919f59b58b  
corporate/3.0/x86_64/emacs-21.3-9.4.C30mdk.x86_64.rpm
 33ef8e10456ca3d79a8b6cb272095151  
corporate/3.0/x86_64/emacs-el-21.3-9.4.C30mdk.x86_64.rpm
 71a2b73b95e5d53fe0d848f2143ca1ca  
corporate/3.0/x86_64/emacs-leim-21.3-9.4.C30mdk.x86_64.rpm
 cf2c1f53dd531d8713fe002749892ae1  
corporate/3.0/x86_64/emacs-nox-21.3-9.4.C30mdk.x86_64.rpm
 79e696a60033b3b2471ba833423323e8  
corporate/3.0/x86_64/emacs-X11-21.3-9.4.C30mdk.x86_64.rpm 
 2a6677d86907231c0ba59f6065864ee2  
corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm

 Corporate 4.0:
 45676adfed25e12b9715885833fcb187  
corporate/4.0/i586/emacs-21.4-20.3.20060mlcs4.i586.rpm
 e90636e8acbb136d88d3d43a488f8da8  
corporate/4.0/i586/emacs-doc-21.4-20.3.20060mlcs4.i586.rpm
 b4853627d21efb6b7ca84d726528eaa5  
corporate/4.0/i586/emacs-el-21.4-20.3.20060mlcs4.i586.rpm
 1e155750aca968a44604096411e7af48  
corporate/4.0/i586/emacs-leim-21.4-20.3.20060mlcs4.i586.rpm
 7baf91055dd648878f27a2f9c6cfb830  
corporate/4.0/i586/emacs-nox-21.4-20.3.20060mlcs4.i586.rpm
 2910ce2399015e5d994a947ea8590c2b  
corporate/4.0/i586/emacs-X11-21.4-20.3.20060mlcs4.i586.rpm 
 97fc8b290b3a4398b70804f1e3b35074  
corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 abd961b76638d924830a1dd8ad042373  
corporate/4.0/x86_64/emacs-21.4-20.3.20060mlcs4.x86_64.rpm
 892208a32b3fa46b943a7c2b37636d1a  
corporate/4.0/x86_64/emacs-doc-21.4-20.3.20060mlcs4.x86_64.rpm
 3f6059bd8402868f58661b2ef90b4124  
corporate/4.0/x86_64/emacs-el-21.4-20.3.20060mlcs4.x86_64.rpm
 a1707e8d3435c141db73e04458f0e3d6  
corporate/4.0/x86_64/emacs-leim-21.4-20.3.20060mlcs4.x86_64.rpm
 0535a66c3c41e0fb53ea0ffb448a1f0d  
corporate/4.0/x86_64/emacs-nox-21.4-20.3.20060mlcs4.x86_64.rpm
 13f4349cafa04f5e21fdfb71132454cf  
corporate/4.0/x86_64/emacs-X11-21.4-20.3.20060mlcs4.x86_64.rpm 
 97fc8b290b3a4398b70804f1e3b35074  
corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIIK55mqjQ0CJFipgRAq+ZAJ0fW67aU94XKpMZrLm/p9A742wXeACgx8ko
aq13NQvRnmbkA3V4P8brgk4=
=Semw
-----END PGP SIGNATURE-----