USN-919-1: Emacs vulnerability

March 29th, 2010 • RelatedFiled Under
Referenced CVEs: 
CVE-2010-0825

Description: 
===========================================================
Ubuntu Security Notice USN-919-1 March 29, 2010
emacs22, emacs23 vulnerability
CVE-2010-0825
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
emacs22-bin-common 22.1-0ubuntu10.2

Ubuntu 8.10:
emacs22-bin-common 22.2-0ubuntu2.8.10.1

Ubuntu 9.04:
emacs22-bin-common 22.2-0ubuntu2.9.04.1

Ubuntu 9.10:
emacs22-bin-common 22.2-0ubuntu6.2
emacs23-bin-common 23.1+1-4ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dan Rosenberg discovered that the email helper in Emacs did not correctly
check file permissions. A local attacker could perform a symlink race
to read or append to another user’s mailbox if it was stored under a
group-writable group-”mail” directory.

Post a Response

You must be logged in to post a comment.