drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Emacs
Name: |
Ausführen beliebiger Kommandos in Emacs |
|
ID: |
USN-3427-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS |
|
Datum: |
Fr, 22. September 2017, 07:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14482 |
|
Applikationen: |
Emacs |
|
Originalnachricht |
--===============6612655684271657236== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-AzIzc7dK1ROj1mXIBw9F"
--=-AzIzc7dK1ROj1mXIBw9F Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3427-1 September 21, 2017
emacs24 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Emacs could be made to run programs as your login if it opened a specially crafted file.
Software Description: - emacs24: GNU Emacs editor
Details:
Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: Â emacs24Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 24.5+1-6ubuntu1.1
Ubuntu 14.04 LTS: Â emacs24Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 24.3+1-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: Â https://www.ubuntu.com/usn/usn-3427-1 Â CVE-2017-14482
Package Information: Â https://launchpad.net/ubuntu/+source/emacs24/24.5+1-6ubuntu1.1 Â https://launchpad.net/ubuntu/+source/emacs24/24.3+1-2ubuntu1.1
--ÚzIzc7dK1ROj1mXIBw9F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJZxCVNAAoJEEW851uECx9pwMsP/1///FfQ/H0ENxEvRWZsHNJu juZts02Uctg8KYT5jbVGoJpGYcdo/gBIeHYtwbpKP/zLQ0yzCys+1M5q8wqZGkqe g8crWTLwCTKultfQQ5F5bdxpSnPiKL5BiHqXMEca2LkC3+nYIqdIJ2bIsyj6RHly ZhWXIl2v9EE5QxU4U/kO97+H2O7fqO8hoTtmzrd5hjFkiKEqCLP5hWh69+HKFrRP ZMkcuODZONQH3rur2k9Eh+SqWno0h/h0gmg/Ji7c//Xr3Vt9+8Uk9lHWA9k3ulVF e0ov7K82g+w5VvOH5zEPZXxODPfe+ZBMAKw5utZU+Yit5UlDkYAaxUC8mmP4YrcD 4ZSHZjfIjgSlREfjcPO8VXYB4hlRHHe6aDf8ftnSddByQUwu9gxW0ll4I3A44A45 KFBMGFypJ6uWOZpUwbds0TaKlOXhXXZsI7G66vovvnjDR9qZJ4kXR8ZiCWSyovuK 1bl2t1cm3dl1mljf2GwNKiUNK7oFnl4Bxc3yMfkWraFL/M6THADX4GLtXFf1d1HV oDZogLTsVRZ7gtgwSNGNgOQFu+nqCI7w6pyxYssf2QtjNpVHo7e7TI5THknkw+Mi bW2UA7dZimCrpmhs3pPYXMfAYVgpFkDkLpH+u9IxLPwhulW1nSueyx/ZXMY2f05O zRICAUzuR0gk3DpiyLvq =qBCY -----END PGP SIGNATURE-----
--=-AzIzc7dK1ROj1mXIBw9F--
--===============6612655684271657236== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6612655684271657236==--
|
|
|
|