View Full Version : USN-541-1: Emacs vulnerability

November 14th, 2007, 02:10 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-541-1 November 13, 2007 emacs22 vulnerability CVE-2007-5795 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: emacs22 22.1-0ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.

More... (http://www.ubuntu.com/usn/usn-541-1)