[Security Announce] [ MDVSA-2015:117 ] emacs

Fabricante: Mandriva
Fecha: 29/03/2015
Identificador: MDVSA-2015:117
[Security Announce] [ MDVSA-2015:117 ] emacs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:117 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : emacs Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424 http://advisories.mageia.org/MGASA-2014-0250.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: d9f008f7b320e274f828f4e3c12f87fe mbs2/x86_64/emacs-24.3-7.1.mbs2.x86_64.rpm f0a641e5e2f16a28daeafa623c0fd179 mbs2/x86_64/emacs-common-24.3-7.1.mbs2.x86_64.rpm c367752961a74f31e1b8111f8e363777 mbs2/x86_64/emacs-doc-24.3-7.1.mbs2.noarch.rpm 0e0536e56c6a7f94cd52ed72908ca471 mbs2/x86_64/emacs-el-24.3-7.1.mbs2.noarch.rpm a5d5e9f3bd2e77b4a8094c4e7b147477 mbs2/x86_64/emacs-leim-24.3-7.1.mbs2.noarch.rpm 14ffc339e2302b0252e0e82148c7eecd mbs2/x86_64/emacs-nox-24.3-7.1.mbs2.x86_64.rpm ecef0a2fcec34515d8243558d9dc91dd mbs2/SRPMS/emacs-24.3-7.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF7kBmqjQ0CJFipgRAqDfAKDFvMnvZoOdeSt2qSR/6bI3tWs4nwCaAveC pnnVGz4Fon1YLjznhhMTSwo= =Ehsq -----END PGP SIGNATURE-----