A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
emacs21-bin-common
The problem can be corrected by upgrading the affected package to version 21.3+1-5ubuntu4.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the "mail" group (since "movemail" is installed as "setgid mail").