-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:208 http://www.mandriva.com/security/ _______________________________________________________________________ Package : emacs Date : November 9, 2005 Affected: Corporate 2.1 _______________________________________________________________________ Problem Description: Emacs 21.2 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user- complicit attackers to execute arbitrary commands, as demonstrated using the mode-name variable. The packages have been updated to version 21.3 to correct the problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1232 _______________________________________________________________________ Updated Packages: Corporate Server 2.1: 48dc24e034b8091dcf425692e3063313 corporate/2.1/RPMS/emacs-21.3-1.1.C21mdk.i586.rpm 2719f8131f4d22cb331e1d9139a5469a corporate/2.1/RPMS/emacs-el-21.3-1.1.C21mdk.i586.rpm 72083c11973082f333e77ab8517ef39d corporate/2.1/RPMS/emacs-leim-21.3-1.1.C21mdk.i586.rpm c08f09ad0fc94583508edd3ba2706743 corporate/2.1/RPMS/emacs-nox-21.3-1.1.C21mdk.i586.rpm 6e6c749452b93361b17270ec94a55f4a corporate/2.1/RPMS/emacs-X11-21.3-1.1.C21mdk.i586.rpm 6a8ed9e75840c8af8c5e498daaa04167 corporate/2.1/SRPMS/emacs-21.3-1.1.C21mdk.src.rpm Corporate Server 2.1/X86_64: 63f47c94136bff5fd82f4486dbef173d x86_64/corporate/2.1/RPMS/emacs-21.3-1.1.C21mdk.x86_64.rpm ea4d960602af4c4f1e7a3899aacbfc38 x86_64/corporate/2.1/RPMS/emacs-el-21.3-1.1.C21mdk.x86_64.rpm 9406e42241f55358662ca7c11afbfbe5 x86_64/corporate/2.1/RPMS/emacs-leim-21.3-1.1.C21mdk.x86_64.rpm 37436bb462c3680e88faf06a8fb71dd7 x86_64/corporate/2.1/RPMS/emacs-nox-21.3-1.1.C21mdk.x86_64.rpm 963f81f300e17c4b72999e146be5f772 x86_64/corporate/2.1/RPMS/emacs-X11-21.3-1.1.C21mdk.x86_64.rpm 6a8ed9e75840c8af8c5e498daaa04167 x86_64/corporate/2.1/SRPMS/emacs-21.3-1.1.C21mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDcnJvmqjQ0CJFipgRAluEAJ9L1DMaYAPBpjahC49cWqS1eapENQCePSJo 15EH7mwQZZDnCwfXGIyb/T8= =KrT/ -----END PGP SIGNATURE-----
