Sabtu, 29 September 2012

Emacs Vulnerability Fixed in Ubuntu 12.04 LTS and Ubuntu 11.10


Canonical has published in a security notice details about an Emacs vulnerability for its Ubuntu 12.04 LTS and Ubuntu 11.10 operating systems.

According to Canonical, Emacs could be made to run programs, as your login, if it opened a specially crafted file.

Hiroshi Oota and Paul Ling discovered that the Emacs package incorrectly handled search paths and it incorrectly handled certain eval forms in local-variable sections. A local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program.

The security flaws can be fixed if you upgrade your system(s) to the latest emacs23 and emacs23-common versions. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart won't be necessary to implement the changes, but Emacs needs to be restarted.

Via: Emacs Vulnerability Fixed in Ubuntu 12.04 LTS and Ubuntu 11.10

Tidak ada komentar:

Posting Komentar