-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2010:083
http://www.mandriva.com/security/
_______________________________________________________________________

Package : emacs
Date    : April 20, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
          Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in emacs:

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users
to read, modify, or delete arbitrary mailbox files via a symlink
attack, related to improper file-permission checks (CVE-2010-0825).

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0825
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security.
You can obtain the GPG public key of the Mandriva Security Team by
executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLzXoWmqjQ0CJFipgRAgQ5AJ9Y6hLXe8ZEaWTe+EAkKK7yI4bRfQCdGCuX
231M6dHiA6lMkbnC4kxHbwY=
=MzZZ
-----END PGP SIGNATURE-----
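
The advisory attributes CVE-2010-0825 to a symlink attack enabled by improper file-permission checks. As an added illustration of the defensive pattern for that bug class (not the movemail source and not the patch shipped in these packages; `open_mailbox_checked`, `demo` and the temporary paths are hypothetical), the C code below refuses a symbolic link at open time and then checks type, owner and link count on the opened descriptor rather than on the path. It assumes Linux, where `O_NOFOLLOW` fails with `ELOOP`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only, but only if it is a regular, singly linked file
 * owned by `owner`. Returns a descriptor, or -1 with errno set. */
int open_mailbox_checked(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the last component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the checks describe the
     * object actually opened and cannot be raced by a later path swap. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed fixture: a mailbox file plus a symlink that points at it.
 * Returns 1 if the file is accepted and the symlink is rejected with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/mboxdemoXXXXXX", mbox[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(mbox, sizeof mbox, "%s/mbox", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(mbox, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || symlink(mbox, lnk) != 0) return -1;
    close(fd);
    int ok = open_mailbox_checked(mbox, geteuid());
    int bad = open_mailbox_checked(lnk, geteuid());
    int bad_errno = errno;
    if (ok >= 0) close(ok);
    unlink(lnk); unlink(mbox); rmdir(dir);
    return ok >= 0 && bad < 0 && bad_errno == ELOOP;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```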