Package: emacs21
Severity: important
Tags: security
This was brought to our attention by Red Hat on vendor-sec:
Steve Grubb of Red Hat discovered that vcdiff script as shipped with
Emacs (confirmed in versions 20.7 to 22.1.50) uses temporary files
insecurely, which makes it possible for local attacker to conduct a
symlink attack and make the victim overwrite arbitrary file.
diff -ur emacs-21.4.orig/lib-src/vcdiff emacs-21.4/lib-src/vcdiff
--- emacs-21.4.orig/lib-src/vcdiff 2006-09-28 12:07:51.000000000
-0400
+++ emacs-21.4/lib-src/vcdiff 2006-09-28 15:58:53.000000000 -0400
@@ -86,14 +86,14 @@
case $f in
s.* | */s.*)
if
- rev1=/tmp/geta$$
+ rev1=`mktemp /tmp/geta.XXXXXXXX`
get -s -p -k $sid1 "$f" > $rev1 &&
case $sid2 in
'')
workfile=`expr " /$f" : '.*/s.\(.*\)'`
;;
*)
- rev2=/tmp/getb$$
+ rev2=`mktemp /tmp/getb.XXXXXXXX`
get -s -p -k $sid2 "$f" > $rev2
workfile=$rev2
esac
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages emacs21 depends on:
pn emacs21-bin-common <none> (no description available)
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libncurses5 5.6+20080405-1 Shared libraries for terminal hand
ii libpng12-0 1.2.15~beta5-3 PNG library - runtime
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libtiff4 3.8.2-8 Tag Image File Format (TIFF) libra
ii libungif4g 4.1.6-4 library for GIF images (transition
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii xaw3dg 1.5+E-15 Xaw3d widget set
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
emacs21 recommends no packages.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]