|
|
Log in / Subscribe / Register

emacs: multiple vulnerabilities

Package(s):emacs CVE #(s):CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424
Created:May 30, 2014 Updated:March 29, 2015
Description:

From the Red Hat bug report:

Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs. Original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100

CVE-2014-3421 was assigned to the issue in lisp/gnus/gnus-fun.el Upstream fix: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html

CVE-2014-3422 was assigned to the issue in lisp/emacs-lisp/find-gc.el Upstream fix: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html

CVE-2014-3423 was assigned to the issue in lisp/net/browse-url.el (this one does not currently have a fix) Upstream note: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html

CVE-2014-3424 was assigned to the issue in lisp/net/tramp.el Upstream fix: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html

Alerts:
Mandriva MDVSA-2015:117 emacs 2015-03-29
openSUSE openSUSE-SU-2014:1460-1 emacs 2014-11-20
Mageia MGASA-2014-0250 emacs 2014-06-06
Fedora FEDORA-2014-6554 emacs 2014-05-29
Mandriva MDVSA-2014:118 emacs 2014-06-10
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds