[Security Announce] [ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff


_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:096

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : emacs

Date : May 6, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program (CVE-2008-1694).

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

860acff5c4b9ab1c1eaf0acef4fba66b 2007.1/i586/emacs-21.4-26.3mdv2007.1.i586.rpm

c6234d6a7df7d8055ee1e0564d69d887 2007.1/i586/emacs-doc-21.4-26.3mdv2007.1.i586.rpm

314161c6971dcb7cb9b74a79d1824817 2007.1/i586/emacs-el-21.4-26.3mdv2007.1.i586.rpm

2359d69f340ffa74497d41f323431cf1 2007.1/i586/emacs-leim-21.4-26.3mdv2007.1.i586.rpm

07e1609387915960408eb3c53c4e0523 2007.1/i586/emacs-nox-21.4-26.3mdv2007.1.i586.rpm

70f6305375ed24d4187697e70244d47d 2007.1/i586/emacs-X11-21.4-26.3mdv2007.1.i586.rpm

71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

7cbf1f306944e9fc743d17eac9a690e3 2007.1/x86_64/emacs-21.4-26.3mdv2007.1.x86_64.rpm

a1665ec7e029414dce426d6a0d8860b2 2007.1/x86_64/emacs-doc-21.4-26.3mdv2007.1.x86_64.rpm

f5e8f8c007cf6b75eaa82a90c92dcfdb 2007.1/x86_64/emacs-el-21.4-26.3mdv2007.1.x86_64.rpm

7218cb8a51fde73651861426520489f3 2007.1/x86_64/emacs-leim-21.4-26.3mdv2007.1.x86_64.rpm

0511da9605eebab1758384fab2109609 2007.1/x86_64/emacs-nox-21.4-26.3mdv2007.1.x86_64.rpm

9fe75d9966416762cea8e883390920e8 2007.1/x86_64/emacs-X11-21.4-26.3mdv2007.1.x86_64.rpm

71055474f01d831c92ffad69e2124b0c 2007.1/SRPMS/emacs-21.4-26.3mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

c9ba30c103c33e130f5b681d78c8699a 2008.0/i586/emacs-22.1-5.2mdv2008.0.i586.rpm

32bd11050ddacc1ec95e9065cb780e65 2008.0/i586/emacs-common-22.1-5.2mdv2008.0.i586.rpm

9af474b1531f49e224e87d26622bad07 2008.0/i586/emacs-doc-22.1-5.2mdv2008.0.i586.rpm

1f083e4597b6d020e607c7ece58d77de 2008.0/i586/emacs-el-22.1-5.2mdv2008.0.i586.rpm

072eeb95d628132f2fec9221b8ac189f 2008.0/i586/emacs-gtk-22.1-5.2mdv2008.0.i586.rpm

31e7d065766e842bc9cf3c63e4542a10 2008.0/i586/emacs-leim-22.1-5.2mdv2008.0.i586.rpm

345f0b210b4bcb683743d3b0f1cba400 2008.0/i586/emacs-nox-22.1-5.2mdv2008.0.i586.rpm

906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

91d12df0967e218bb45b501331809938 2008.0/x86_64/emacs-22.1-5.2mdv2008.0.x86_64.rpm

4db1ac1b2c134d6213d62f470c71ac14 2008.0/x86_64/emacs-common-22.1-5.2mdv2008.0.x86_64.rpm

4add93abb0f2b7cc35099ec213adba7b 2008.0/x86_64/emacs-doc-22.1-5.2mdv2008.0.x86_64.rpm

83faecb5f1d71c08c21d8273b514ee4a 2008.0/x86_64/emacs-el-22.1-5.2mdv2008.0.x86_64.rpm

b23989605afbabd02c492678d3c605ec 2008.0/x86_64/emacs-gtk-22.1-5.2mdv2008.0.x86_64.rpm

0b7e8171ae8a9172ca13f2ef45f50735 2008.0/x86_64/emacs-leim-22.1-5.2mdv2008.0.x86_64.rpm

6307e2d6dc2cc98149889c2dc1c24445 2008.0/x86_64/emacs-nox-22.1-5.2mdv2008.0.x86_64.rpm

906b7f584b107ba2b2a841466c0cec2b 2008.0/SRPMS/emacs-22.1-5.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

647b6641b52789efbd0f85ea3ae387b1 2008.1/i586/emacs-22.1-7.1mdv2008.1.i586.rpm

84d1ee873a006081bf3ed4745ff13878 2008.1/i586/emacs-common-22.1-7.1mdv2008.1.i586.rpm

b247778379c2951a47e1782db642aebd 2008.1/i586/emacs-doc-22.1-7.1mdv2008.1.i586.rpm

19fbe6b0cfc7e21dd2dcccb0e6fb7196 2008.1/i586/emacs-el-22.1-7.1mdv2008.1.i586.rpm

c1865d49ae83ea15a67b4552f495062f 2008.1/i586/emacs-gtk-22.1-7.1mdv2008.1.i586.rpm

f8fd80661b9f9cef08cbfedec671cfdc 2008.1/i586/emacs-leim-22.1-7.1mdv2008.1.i586.rpm

927a81595e5eb745413abcc3bca8917e 2008.1/i586/emacs-nox-22.1-7.1mdv2008.1.i586.rpm

e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

37a105e997167f86a702dc5c659f590a 2008.1/x86_64/emacs-22.1-7.1mdv2008.1.x86_64.rpm

d7f4640c1cc272af0b7de8c698348490 2008.1/x86_64/emacs-common-22.1-7.1mdv2008.1.x86_64.rpm

4ecd2e3093d92d002563e4f11ede8eea 2008.1/x86_64/emacs-doc-22.1-7.1mdv2008.1.x86_64.rpm

7b868b093f3b7715d2629b2eb769bcbc 2008.1/x86_64/emacs-el-22.1-7.1mdv2008.1.x86_64.rpm

e89feeb2922c69c99cc80b755f280bb7 2008.1/x86_64/emacs-gtk-22.1-7.1mdv2008.1.x86_64.rpm

ca1bd2740a25f3bd8714ce61069a9352 2008.1/x86_64/emacs-leim-22.1-7.1mdv2008.1.x86_64.rpm

72a3860bd489a6d7bb6738622cd59472 2008.1/x86_64/emacs-nox-22.1-7.1mdv2008.1.x86_64.rpm

e0dc3a39c07232eb5c44775866843cad 2008.1/SRPMS/emacs-22.1-7.1mdv2008.1.src.rpm

 

Corporate 3.0:

5938a7176748d2c054aee8cc26fe99a9 corporate/3.0/i586/emacs-21.3-9.4.C30mdk.i586.rpm

f4ba9961d6ab3a13dcfed2f500dc1b64 corporate/3.0/i586/emacs-el-21.3-9.4.C30mdk.i586.rpm

46035ccd6b40df7b806b2fc7f5560eb3 corporate/3.0/i586/emacs-leim-21.3-9.4.C30mdk.i586.rpm

8dec136a6d4eec4045fa18f9102fb229 corporate/3.0/i586/emacs-nox-21.3-9.4.C30mdk.i586.rpm

b10cba863838d008b1183e09cae9c968 corporate/3.0/i586/emacs-X11-21.3-9.4.C30mdk.i586.rpm

2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

66e934780af0a4cc559c4d919f59b58b corporate/3.0/x86_64/emacs-21.3-9.4.C30mdk.x86_64.rpm

33ef8e10456ca3d79a8b6cb272095151 corporate/3.0/x86_64/emacs-el-21.3-9.4.C30mdk.x86_64.rpm

71a2b73b95e5d53fe0d848f2143ca1ca corporate/3.0/x86_64/emacs-leim-21.3-9.4.C30mdk.x86_64.rpm

cf2c1f53dd531d8713fe002749892ae1 corporate/3.0/x86_64/emacs-nox-21.3-9.4.C30mdk.x86_64.rpm

79e696a60033b3b2471ba833423323e8 corporate/3.0/x86_64/emacs-X11-21.3-9.4.C30mdk.x86_64.rpm

2a6677d86907231c0ba59f6065864ee2 corporate/3.0/SRPMS/emacs-21.3-9.4.C30mdk.src.rpm

 

Corporate 4.0:

45676adfed25e12b9715885833fcb187 corporate/4.0/i586/emacs-21.4-20.3.20060mlcs4.i586.rpm

e90636e8acbb136d88d3d43a488f8da8 corporate/4.0/i586/emacs-doc-21.4-20.3.20060mlcs4.i586.rpm

b4853627d21efb6b7ca84d726528eaa5 corporate/4.0/i586/emacs-el-21.4-20.3.20060mlcs4.i586.rpm

1e155750aca968a44604096411e7af48 corporate/4.0/i586/emacs-leim-21.4-20.3.20060mlcs4.i586.rpm

7baf91055dd648878f27a2f9c6cfb830 corporate/4.0/i586/emacs-nox-21.4-20.3.20060mlcs4.i586.rpm

2910ce2399015e5d994a947ea8590c2b corporate/4.0/i586/emacs-X11-21.4-20.3.20060mlcs4.i586.rpm

97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

abd961b76638d924830a1dd8ad042373 corporate/4.0/x86_64/emacs-21.4-20.3.20060mlcs4.x86_64.rpm

892208a32b3fa46b943a7c2b37636d1a corporate/4.0/x86_64/emacs-doc-21.4-20.3.20060mlcs4.x86_64.rpm

3f6059bd8402868f58661b2ef90b4124 corporate/4.0/x86_64/emacs-el-21.4-20.3.20060mlcs4.x86_64.rpm

a1707e8d3435c141db73e04458f0e3d6 corporate/4.0/x86_64/emacs-leim-21.4-20.3.20060mlcs4.x86_64.rpm

0535a66c3c41e0fb53ea0ffb448a1f0d corporate/4.0/x86_64/emacs-nox-21.4-20.3.20060mlcs4.x86_64.rpm

13f4349cafa04f5e21fdfb71132454cf corporate/4.0/x86_64/emacs-X11-21.4-20.3.20060mlcs4.x86_64.rpm

97fc8b290b3a4398b70804f1e3b35074 corporate/4.0/SRPMS/emacs-21.4-20.3.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

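The class of bug the advisory describes, a shell script writing to a predictable temporary file name in a shared directory, shown beside the `mktemp`-based alternative. This is an added example, not the vcdiff source or Mandriva's patch; the function names, file names and the constructed sandbox directory are assumptions.

```shell
#!/bin/sh
# Added illustration; not the vcdiff script. All names here are hypothetical.

# Unsafe pattern: the name is predictable from the PID, and '>' follows a
# symlink that already exists at that path in the shared directory.
unsafe_tmp() {                      # $1 = shared temp directory
    f="$1/get.$$"
    echo data > "$f"
    printf '%s\n' "$f"
}

# Hardened pattern: mktemp -d atomically creates a new mode-0700 directory
# with an unpredictable name; nothing can be pre-planted inside it.
safe_tmp() {                        # $1 = shared temp directory
    d=$(mktemp -d "$1/vcdiff.XXXXXX") || return 1
    echo data > "$d/a"
    printf '%s\n' "$d"
}

# Constructed check inside a private sandbox directory: a symlink is placed
# at the predictable name, then both patterns are run and the file the link
# points to is inspected.
demo() {
    base=$(mktemp -d) || return 1
    target="$base/important"
    echo original > "$target"
    ln -s "$target" "$base/get.$$"

    unsafe_tmp "$base" >/dev/null
    after_unsafe=$(cat "$target")   # overwritten through the symlink

    echo original > "$target"
    d=$(safe_tmp "$base") || return 1
    after_safe=$(cat "$target")     # untouched
    perms=$(ls -ld "$d" | cut -c1-10)

    rm -rf "$base"
    printf '%s %s %s\n' "$after_unsafe" "$after_safe" "$perms"
}

demo
```

The first field shows the linked file's content replaced by the unsafe write, the second shows it intact after the `mktemp -d` variant, and the third is the mode of the private directory.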

 

 
