Описание
Security update for emacs
Emacs has been updated to fix the following issues:
* Several cases of insecure usage of temporary files. (CVE-2014-3421,
CVE-2014-3422, CVE-2014-3423, CVE-2014-3424)
* Use of vc-annotate for renamed files when using Git. (bnc#854683)
Security Issues:
* CVE-2014-3421
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421>
* CVE-2014-3422
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422>
* CVE-2014-3423
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423>
* CVE-2014-3424
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424>
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
emacs-22.3-4.42.1
emacs-info-22.3-4.42.1
emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3
emacs-22.3-4.42.1
emacs-el-22.3-4.42.1
emacs-info-22.3-4.42.1
emacs-nox-22.3-4.42.1
emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
emacs-22.3-4.42.1
emacs-el-22.3-4.42.1
emacs-info-22.3-4.42.1
emacs-nox-22.3-4.42.1
emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
emacs-22.3-4.42.1
emacs-el-22.3-4.42.1
emacs-info-22.3-4.42.1
emacs-nox-22.3-4.42.1
emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Software Development Kit 11 SP3
emacs-nox-22.3-4.42.1
Ссылки
- Link for SUSE-SU-2015:0834-1
- E-Mail link for SUSE-SU-2015:0834-1
- SUSE Security Ratings
- SUSE Bug 854683
- SUSE Bug 876847
- SUSE CVE CVE-2014-3421 page
- SUSE CVE CVE-2014-3422 page
- SUSE CVE CVE-2014-3423 page
- SUSE CVE CVE-2014-3424 page
Описание
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:emacs-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-info-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:emacs-22.3-4.42.1
Ссылки
- CVE-2014-3421
- SUSE Bug 876847
Описание
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:emacs-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-info-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:emacs-22.3-4.42.1
Ссылки
- CVE-2014-3422
- SUSE Bug 876847
Описание
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:emacs-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-info-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:emacs-22.3-4.42.1
Ссылки
- CVE-2014-3423
- SUSE Bug 876847
Описание
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:emacs-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-info-22.3-4.42.1
SUSE Linux Enterprise Desktop 11 SP3:emacs-x11-22.3-4.42.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:emacs-22.3-4.42.1
Ссылки
- CVE-2014-3424
- SUSE Bug 876847