Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200712-03 ] GNU Emacs: Multiple vulnerabilities
Date: Sun, 09 Dec 2007 20:07:52
Message-Id: 475C47ED.20003@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GNU Emacs: Multiple vulnerabilities
Date: December 09, 2007
Bugs: #197958, #200297
ID: 200712-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities were found in GNU Emacs possibly leading to the
execution of arbitrary code.

Background
==========

GNU Emacs is a highly extensible and customizable text editor.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  app-editors/emacs      < 22.1-r3                       >= 22.1-r3
                                                          *>= 21.4-r14
                                                                  < 19

Description
===========

Drake Wilson reported that the hack-local-variables() function in GNU
Emacs 22 does not properly match assignments of local variables in a
file against a list of unsafe or risky variables, allowing them to be
overridden (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based
buffer overflow in the format function when handling values with high
precision (CVE-2007-6109).

Impact
======

Remote attackers could entice a user to open a specially crafted file
in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp
code (via CVE-2007-5795) or arbitrary code (via CVE-2007-6109) with the
privileges of the user running GNU Emacs.

Workaround
==========

The first vulnerability can be worked around by setting the
"enable-local-variables" option to "nil", disabling the processing of
local variable lists. GNU Emacs prior to version 22 is not affected by
this vulnerability. There is no known workaround for the second
vulnerability at this time.
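
The following is an added example, not part of the advisory and not Gentoo or GNU Emacs code: a Python audit helper that lists the file-local variable assignments a file asks Emacs to make, so they can be reviewed before the file is opened in an unpatched Emacs 22. It assumes the two standard placements of file-local variables (a `-*- ... -*-` line at the top and a `Local Variables:` block within the last 3000 characters, on the last page); the function names are hypothetical and Python 3.9 or later is assumed.

```python
import re

TAIL_CHARS = 3000  # Emacs looks for the list only near the end of the file


def prop_line_vars(text):
    """Pairs from a '-*- var: value; ... -*-' line (line 1, or line 2 after '#!')."""
    lines = text.split("\n")[:2]
    if not lines[0].startswith("#!"):
        lines = lines[:1]
    for line in lines:
        m = re.search(r"-\*-(.*?)-\*-", line)
        if m:
            body = m.group(1).strip()
            if ":" not in body:  # bare '-*- modename -*-' form
                return [("mode", body)] if body else []
            # Simplification: a ';' inside a quoted value would split early.
            parts = [p.split(":", 1) for p in body.split(";") if ":" in p]
            return [(k.strip(), v.strip()) for k, v in parts]
    return []


def local_variables_list(text):
    """Pairs from the last 'Local Variables:' ... 'End:' block on the last page."""
    tail = text[-TAIL_CHARS:]
    lines = tail[tail.rfind("\f") + 1:].split("\n")
    starts = [i for i, l in enumerate(lines) if re.search("Local Variables:", l, re.I)]
    if not starts:
        return []
    # Text around the marker is the comment prefix/suffix used on every entry.
    head = re.split("Local Variables:", lines[starts[-1]], flags=re.I)
    prefix, suffix = head[0].strip(), head[-1].strip()
    found = []
    for entry in lines[starts[-1] + 1:]:
        body = entry.strip().removeprefix(prefix).removesuffix(suffix)
        name, sep, value = body.partition(":")
        if not sep or name.strip().lower() == "end":
            break
        found.append((name.strip(), value.strip()))
    return found


def file_local_variables(text):
    """Every assignment a file asks Emacs to make, for review before opening it."""
    return prop_line_vars(text) + local_variables_list(text)


# Constructed sample input, not taken from the advisory.
SAMPLE = ("#!/bin/sh\n# -*- mode: sh; tab-width: 4 -*-\necho hi\n"
          "# Local Variables:\n# fill-column: 72\n# End:\n")
```

An empty result means the file requests no local variables; any other result is the list to review, or a reason to open the file only with "enable-local-variables" set to "nil" until the upgrade is applied.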

Resolution
==========

All GNU Emacs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/emacs-22.1-r3"

References
==========

  [ 1 ] CVE-2007-5795
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795
  [ 2 ] CVE-2007-6109
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200712-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXEftuhJ+ozIKI5gRAqBpAJ9V4ZN88GFt3TO0SqfS2a4RU+Ts6gCfcEvO
085qmthCbHkeWw1ahowNgWw=
=pxuv
-----END PGP SIGNATURE-----
--
gentoo-announce@g.o mailing list