Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Emacs
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Emacs
ID: USN-3427-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Datum: Fr, 22. September 2017, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14482

Originalnachricht


--===============6612655684271657236==
Content-Type: multipart/signed; micalg="pgp-sha256";
protocol="application/pgp-signature";
boundary="=-AzIzc7dK1ROj1mXIBw9F"


--=-AzIzc7dK1ROj1mXIBw9F
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3427-1
September 21, 2017

emacs24 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Emacs could be made to run programs as your login if it
opened a specially crafted file.

Software Description:
- emacs24: GNU Emacs editor

Details:

Charles A. Roelli discovered that Emacs incorrectly handled certain
files. If a user were tricked into opening a specially crafted file, an
attacker could possibly use this to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  emacs24                         24.5+1-6ubuntu1.1

Ubuntu 14.04 LTS:
  emacs24                         24.3+1-2ubuntu1.1

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3427-1
  CVE-2017-14482

Package Information:
  https://launchpad.net/ubuntu/+source/emacs24/24.5+1-6ubuntu1.1
  https://launchpad.net/ubuntu/+source/emacs24/24.3+1-2ubuntu1.1

--ÚzIzc7dK1ROj1mXIBw9F
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJZxCVNAAoJEEW851uECx9pwMsP/1///FfQ/H0ENxEvRWZsHNJu
juZts02Uctg8KYT5jbVGoJpGYcdo/gBIeHYtwbpKP/zLQ0yzCys+1M5q8wqZGkqe
g8crWTLwCTKultfQQ5F5bdxpSnPiKL5BiHqXMEca2LkC3+nYIqdIJ2bIsyj6RHly
ZhWXIl2v9EE5QxU4U/kO97+H2O7fqO8hoTtmzrd5hjFkiKEqCLP5hWh69+HKFrRP
ZMkcuODZONQH3rur2k9Eh+SqWno0h/h0gmg/Ji7c//Xr3Vt9+8Uk9lHWA9k3ulVF
e0ov7K82g+w5VvOH5zEPZXxODPfe+ZBMAKw5utZU+Yit5UlDkYAaxUC8mmP4YrcD
4ZSHZjfIjgSlREfjcPO8VXYB4hlRHHe6aDf8ftnSddByQUwu9gxW0ll4I3A44A45
KFBMGFypJ6uWOZpUwbds0TaKlOXhXXZsI7G66vovvnjDR9qZJ4kXR8ZiCWSyovuK
1bl2t1cm3dl1mljf2GwNKiUNK7oFnl4Bxc3yMfkWraFL/M6THADX4GLtXFf1d1HV
oDZogLTsVRZ7gtgwSNGNgOQFu+nqCI7w6pyxYssf2QtjNpVHo7e7TI5THknkw+Mi
bW2UA7dZimCrpmhs3pPYXMfAYVgpFkDkLpH+u9IxLPwhulW1nSueyx/ZXMY2f05O
zRICAUzuR0gk3DpiyLvq
=qBCY
-----END PGP SIGNATURE-----

--=-AzIzc7dK1ROj1mXIBw9F--



--===============6612655684271657236==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6612655684271657236==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung