Ausführen beliebiger Kommandos in Emacs
ID: | USN-3428-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 17.04 |
Datum: | Fr, 22. September 2017, 07:24 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14482 |
Applikationen: | Emacs |
Originalnachricht |
|
--===============7386252226643916003== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-voaGF5JYhAtvsrg60j2A" --=-voaGF5JYhAtvsrg60j2A Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-3428-1 September 21, 2017 emacs25 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 Summary: Emacs could be made to run programs as your login if it opened a specially crafted file. Software Description: - emacs25: GNU Emacs editor Details: Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: Â emacs25Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 25.1+1-3ubuntu4.1 In general, a standard system update will make all the necessary changes. References: Â https://www.ubuntu.com/usn/usn-3428-1 Â CVE-2017-14482 Package Information: Â https://launchpad.net/ubuntu/+source/emacs25/25.1+1-3ubuntu4.1 --ßoaGF5JYhAtvsrg60j2A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJZxDOZAAoJEEW851uECx9pNLMQAIOctxytviQz5BFRKezbEe1f /XlM67zGrAvbO9V0OUaJue/1OMjLB9L4BcnThMKMMPjco73tF55A1jduQGp3PQzo CJ7AHlyxU2l7i5G1OkIOk7OMx6LOtQvd7tpjkgZ7qDMNi2W1SMpyGF5HO5dpkew4 57p/oTzunlYvmjVubhLDzw4xXvrjrkHjSj8d/ua0i8GEs+1I+IeSbh+7anCOT6tS 2yg70SjHzg+3Ct7BO9HCAtR3WTD01TDe8ILIsLgfSSxH0ftvdk07/jKULaMy/vpp KrjjpwCpUIeQ0ue84d7xxgS+O8Bc73e0R5dUO0FHYJODSJJI7Qd/wHa35mvOCG6Q WDlSOOJGTSJ6XlcPdsYm7ef88qQRb7H4k2SfIquzxTy+v0zYlXspOzrf6c1yz2sw oy9dc+deZQm+YKfYlPdhIkRMyf8P30LiySDWZOfhNqYjq4hQp7frAaV3Ii2eSGFT ofUKpEmnzR+F0eqsLezYEWZx6OhME9nUfUBX9WzL9ua4oPHbh8SldeCgwt8g9Hf/ 7Q99f0pDZqAa6+KJBco1PeaOwW6/rCTCjYZJIk3cy2Op8QigLOODJj2Eamd/+beN YEbiWADbJqYKcBC35YHV/ou7tNDGJAA1WDfK1UVUumwBttapoCIKO/Z06LYv631Z zDBSlQwueOwV2k8/RV4A =jfaA -----END PGP SIGNATURE----- --=-voaGF5JYhAtvsrg60j2A-- --===============7386252226643916003== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK --===============7386252226643916003==-- |