Test ID: | 1.3.6.1.4.1.25623.1.0.61482 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-607-1 (emacs22) |
Summary: | NOSUMMARY |
Description:

The remote host is missing an update to emacs22 announced via advisory USN-607-1.

A security issue affects the following Ubuntu releases:

- Ubuntu 6.06 LTS
- Ubuntu 7.04
- Ubuntu 7.10
- Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. (CVE-2007-6109)

Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2008-1694)

Solution:

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:

- emacs21 21.4a-3ubuntu2.2
- emacs21-bin-common 21.4a-3ubuntu2.2

Ubuntu 7.04:

- emacs21 21.4a+1-2ubuntu1.2
- emacs21-bin-common 21.4a+1-2ubuntu1.2

Ubuntu 7.10:

- emacs22 22.1-0ubuntu5.2
- emacs22-bin-common 22.1-0ubuntu5.2

Ubuntu 8.04 LTS:

- emacs22 22.1-0ubuntu10.1
- emacs22-bin-common 22.1-0ubuntu10.1

After a standard system upgrade you need to restart Emacs to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-607-1

Risk factor: Critical

CVSS Score: 10.0
Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2007-6109

- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://security.gentoo.org/glsa/glsa-200712-03.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/27984
- http://secunia.com/advisories/28838
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/30109
- SuSE Security Announcement: SUSE-SR:2007:025
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- SuSE Security Announcement: SUSE-SR:2008:003
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
- https://usn.ubuntu.com/607-1/
- http://www.vupen.com/english/advisories/2008/0924/references
- XForce ISS Database: emacs-unspecified-bo(38904)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38904

Common Vulnerability Exposure (CVE) ID: CVE-2008-1694

- BugTraq ID: 28857
- http://www.securityfocus.com/bid/28857
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:096
- http://www.securitytracker.com/id?1019909
- http://secunia.com/advisories/29905
- http://secunia.com/advisories/29926
- http://www.vupen.com/english/advisories/2008/1309/references
- http://www.vupen.com/english/advisories/2008/1310/references
- XForce ISS Database: xemacs-gnuemacs-vcdiff-symlink(41906)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41906
Copyright | Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com |