
Test ID: 1.3.6.1.4.1.25623.1.0.60290
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:034 (emacs)
Summary: NOSUMMARY
Description:

The remote host is missing an update to emacs
announced via advisory MDVSA-2008:034.

The hack-local-variable function in Emacs 22 prior to version 22.2,
when enable-local-variables is set to ':safe', did not properly search
lists of unsafe or risky variables, which could allow user-assisted
attackers to bypass intended restrictions and modify critical
program variables via a file containing a Local variables declaration
(CVE-2007-5795; only affects Mandriva Linux 2008.0).

A stack-based buffer overflow in emacs could allow user-assisted
attackers to cause an application crash or possibly have other
unspecified impacts via a large precision value in an integer format
string specifier to the format function (CVE-2007-6109).

The updated packages have been patched to correct these issues.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:034

Risk factor : Critical

CVSS Score:
10.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-5795
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BugTraq ID: 26327
http://www.securityfocus.com/bid/26327
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html
http://security.gentoo.org/glsa/glsa-200712-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
http://osvdb.org/42060
http://secunia.com/advisories/27508
http://secunia.com/advisories/27627
http://secunia.com/advisories/27728
http://secunia.com/advisories/27984
http://secunia.com/advisories/29420
http://www.ubuntu.com/usn/usn-541-1
http://www.vupen.com/english/advisories/2007/3715
http://www.vupen.com/english/advisories/2008/0924/references
XForce ISS Database: emacs-hacklocalvariables-security-bypass(38263)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38263
Common Vulnerability Exposure (CVE) ID: CVE-2007-6109
http://secunia.com/advisories/27965
http://secunia.com/advisories/28838
http://secunia.com/advisories/30109
SuSE Security Announcement: SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
https://usn.ubuntu.com/607-1/
XForce ISS Database: emacs-unspecified-bo(38904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38904
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
