[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2015:117 ] emacs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:117
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : emacs
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated emacs packages fix security vulnerabilities:
 
 Steve Kemp discovered multiple temporary file handling issues in
 Emacs. A local attacker could use these flaws to perform symbolic link
 attacks  against users running Emacs (CVE-2014-3421, CVE-2014-3422,
 CVE-2014-3423, CVE-2014-3424).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424
 http://advisories.mageia.org/MGASA-2014-0250.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 d9f008f7b320e274f828f4e3c12f87fe  mbs2/x86_64/emacs-24.3-7.1.mbs2.x86_64.rpm
 f0a641e5e2f16a28daeafa623c0fd179  mbs2/x86_64/emacs-common-24.3-7.1.mbs2.x86_64.rpm
 c367752961a74f31e1b8111f8e363777  mbs2/x86_64/emacs-doc-24.3-7.1.mbs2.noarch.rpm
 0e0536e56c6a7f94cd52ed72908ca471  mbs2/x86_64/emacs-el-24.3-7.1.mbs2.noarch.rpm
 a5d5e9f3bd2e77b4a8094c4e7b147477  mbs2/x86_64/emacs-leim-24.3-7.1.mbs2.noarch.rpm
 14ffc339e2302b0252e0e82148c7eecd  mbs2/x86_64/emacs-nox-24.3-7.1.mbs2.x86_64.rpm 
 ecef0a2fcec34515d8243558d9dc91dd  mbs2/SRPMS/emacs-24.3-7.1.mbs2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVF7kBmqjQ0CJFipgRAqDfAKDFvMnvZoOdeSt2qSR/6bI3tWs4nwCaAveC
pnnVGz4Fon1YLjznhhMTSwo=
=Ehsq
-----END PGP SIGNATURE-----