Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in emacs
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in emacs
ID: MDKSA-2005:208
Distribution: Mandriva
Plattformen: Mandriva Corporate 2.1
Datum: Do, 10. November 2005, 03:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1232
Applikationen: Emacs

Originalnachricht

This is a multi-part message in MIME format...

------------=_1131591251-24125-38

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:208
http://www.mandriva.com/security/
_______________________________________________________________________

Package : emacs
Date : November 9, 2005
Affected: Corporate 2.1
_______________________________________________________________________

Problem Description:

Emacs 21.2 does not prompt or warn the user before executing Lisp code
in the local variables section of a text file, which allows user-
complicit attackers to execute arbitrary commands, as demonstrated
using the mode-name variable.

The packages have been updated to version 21.3 to correct the problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1232
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
48dc24e034b8091dcf425692e3063313
corporate/2.1/RPMS/emacs-21.3-1.1.C21mdk.i586.rpm
2719f8131f4d22cb331e1d9139a5469a
corporate/2.1/RPMS/emacs-el-21.3-1.1.C21mdk.i586.rpm
72083c11973082f333e77ab8517ef39d
corporate/2.1/RPMS/emacs-leim-21.3-1.1.C21mdk.i586.rpm
c08f09ad0fc94583508edd3ba2706743
corporate/2.1/RPMS/emacs-nox-21.3-1.1.C21mdk.i586.rpm
6e6c749452b93361b17270ec94a55f4a
corporate/2.1/RPMS/emacs-X11-21.3-1.1.C21mdk.i586.rpm
6a8ed9e75840c8af8c5e498daaa04167
corporate/2.1/SRPMS/emacs-21.3-1.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
63f47c94136bff5fd82f4486dbef173d
x86_64/corporate/2.1/RPMS/emacs-21.3-1.1.C21mdk.x86_64.rpm
ea4d960602af4c4f1e7a3899aacbfc38
x86_64/corporate/2.1/RPMS/emacs-el-21.3-1.1.C21mdk.x86_64.rpm
9406e42241f55358662ca7c11afbfbe5
x86_64/corporate/2.1/RPMS/emacs-leim-21.3-1.1.C21mdk.x86_64.rpm
37436bb462c3680e88faf06a8fb71dd7
x86_64/corporate/2.1/RPMS/emacs-nox-21.3-1.1.C21mdk.x86_64.rpm
963f81f300e17c4b72999e146be5f772
x86_64/corporate/2.1/RPMS/emacs-X11-21.3-1.1.C21mdk.x86_64.rpm
6a8ed9e75840c8af8c5e498daaa04167
x86_64/corporate/2.1/SRPMS/emacs-21.3-1.1.C21mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDcnJvmqjQ0CJFipgRAluEAJ9L1DMaYAPBpjahC49cWqS1eapENQCePSJo
15EH7mwQZZDnCwfXGIyb/T8=
=KrT/
-----END PGP SIGNATURE-----

------------=_1131591251-24125-38
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1131591251-24125-38--
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung