Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201403-05
HistoryMar 20, 2014 - 12:00 a.m.

GNU Emacs: Multiple vulnerabilities

2014-03-2000:00:00
Gentoo Foundation
security.gentoo.org
8

0.013 Low

EPSS

Percentile

85.8%

JSON

Background

GNU Emacs is a highly extensible and customizable text editor.

Description

Multiple vulnerabilities have been discovered in GNU Emacs:

  • When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory (CVE-2012-0035).
  • When ‘enable-local-variables’’ is set to ‘:safe’, Emacs automatically processes eval forms (CVE-2012-3479).

Impact

A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GNU Emacs 24.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.1-r1"

All GNU Emacs 23.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-editors/emacs< 24.1-r1UNKNOWN

Related

openvas 18
ubuntu 1
nessus 14
fedora 4
cve 2
prion 2
kaspersky 1
gentoo 2
ubuntucve 2
cvelist 2
slackware 1
debiancve 1
debian 1
securityvulns 2
freebsd 1
osv 1
openvas
openvas
Ubuntu Update for emacs23 USN-1586-1
2012-10-03 00:00:00
Fedora Update for emacs FEDORA-2012-11872
2012-08-24 00:00:00
Gentoo Security Advisory GLSA 201403-05
2015-09-29 00:00:00
ubuntu
ubuntu
Emacs vulnerabilities
2012-09-27 00:00:00
nessus
nessus
Ubuntu 11.10 / 12.04 LTS : emacs23 vulnerabilities (USN-1586-1)
2012-09-28 00:00:00
Mandriva Linux Security Advisory : emacs (MDVSA-2013:076)
2013-04-20 00:00:00
GLSA-201403-05 : GNU Emacs: Multiple vulnerabilities
2014-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: emacs-23.3-10.fc16
2012-08-22 20:58:06
[SECURITY] Fedora 16 Update: emacs-23.3-9.fc16
2012-01-23 21:57:59
[SECURITY] Fedora 15 Update: emacs-23.3-8.fc15
2012-01-23 21:57:25
cve
cve
CVE-2012-0035
2012-01-19 15:55:00
CVE-2012-3479
2012-08-25 10:29:00
prion
prion
Design/Logic Flaw
2012-01-19 15:55:00
Code injection
2012-08-25 10:29:00
kaspersky
kaspersky
KLA10170 LPE vulnerability in Emacs
2012-01-19 00:00:00
gentoo
gentoo
CEDET: Privilege escalation
2014-01-27 00:00:00
EDE: Privilege escalation
2018-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2012-0035
2012-01-19 00:00:00
CVE-2012-3479
2012-08-25 00:00:00
cvelist
cvelist
CVE-2012-0035
2012-01-19 15:00:00
CVE-2012-3479
2012-08-25 10:00:00
slackware
slackware
[slackware-security] emacs
2012-08-16 06:32:59
debiancve
debiancve
CVE-2012-3479
2012-08-25 10:29:00
debian
debian
[SECURITY] [DSA 2603-1] emacs23 security update
2013-01-09 19:03:00
securityvulns
securityvulns
emacs protection bypass
2012-08-20 00:00:00
[slackware-security] emacs &#40;SSA:2012-228-02&#41;
2012-08-20 00:00:00
freebsd
freebsd
emacs -- remote code execution vulnerability
2012-08-13 00:00:00
osv
osv
emacs23 - programming error
2013-01-09 00:00:00

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for GLSA-201403-05
openvas18ubuntu1nessus14fedora4cve2prion2kaspersky1gentoo2ubuntucve2cvelist2slackware1debiancve1debian1securityvulns2freebsd1osv1