Bug 366801 - (CVE-2007-5795) CVE-2007-5795 emacs insufficient safe mode checks
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
impact=moderate,reported=20071102,pub...
: Security
Depends On: 367581 367591 367601
Reported: 2007-11-05 08:53 EST by Tomas Hoger
Modified: 2007-11-17 00:34 EST
Fixed In Version: 22.1-8.fc8
Doc Type: Bug Fix
Last Closed: 2007-11-17 00:33:12 EST
Description Tomas Hoger 2007-11-05 08:53:31 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5795 to the following vulnerability:

The hack-local-variables function in Emacs before 22.2, when
enable-local-variables is set to :safe, does not properly search lists of
unsafe or risky variables, which might allow user-assisted attackers to bypass
intended restrictions and modify critical program variables via a file
containing a Local variables declaration.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
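A defender-side audit for the condition the CVE description names, a file that carries a Local variables declaration: the Python sketch below is an added example (not code from this bug report or from Emacs) that lists the variables such a file would try to set and flags any that are not on a reviewer-chosen allowlist. The allowlist, the function names and the sample text are assumptions made for the example, and the parsing approximates Emacs's rules (prefix/suffix lines, list within the last 3000 characters) rather than reproducing them exactly.

```python
import re

# Reviewer-chosen allowlist (an assumption for this example, not Emacs's own
# safe-local-variable data): names accepted without manual review.
ALLOWED = {"mode", "coding", "fill-column", "indent-tabs-mode", "tab-width"}
TAIL_CHARS = 3000  # Emacs expects the list within the last 3000 characters
MARKER = re.compile(r"Local Variables:", re.IGNORECASE)


def local_variables(text):
    """Return [(name, value)] from the trailing 'Local Variables:' block."""
    # Look only at the file tail, and only after the last form feed in it.
    tail = text[-TAIL_CHARS:].rsplit("\n\f", 1)[-1]
    m = MARKER.search(tail)
    line_end = tail.find("\n", m.end()) if m else -1
    if line_end == -1:
        return []
    # Text around the marker on its own line is the comment prefix/suffix
    # that every following entry line repeats (e.g. ";;" or "/*" ... "*/").
    prefix = tail[tail.rfind("\n", 0, m.start()) + 1:m.start()].strip()
    suffix = tail[m.end():line_end].strip()
    found = []
    for raw in tail[line_end + 1:].split("\n"):
        body = raw.strip()
        if prefix and body.startswith(prefix):
            body = body[len(prefix):]
        if suffix and body.endswith(suffix):
            body = body[:-len(suffix)]
        name, sep, value = body.strip().partition(":")
        if not sep:
            continue  # not a "name: value" entry
        if name.strip().lower() == "end":
            break  # "End:" closes the list
        found.append((name.strip(), value.strip()))
    return found


def needs_review(text, allowed=ALLOWED):
    """Names the file tries to set that are not on the reviewer's allowlist."""
    return [n for n, _ in local_variables(text) if n.lower() not in allowed]


SAMPLE = (  # constructed sample file, not taken from the bug report
    "Some notes.\n\n"
    ";; Local Variables:\n"
    ";; fill-column: 72\n"
    ";; eval: (message \"constructed sample\")\n"
    ";; End:\n"
)
if __name__ == "__main__":
    print("review before opening in Emacs:", needs_review(SAMPLE))
```
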
Comment 7 Fedora Update System 2007-11-08 00:59:15 EST
emacs-22.1-8.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update emacs'
Comment 9 Tomas Hoger 2007-11-08 08:39:22 EST
This issue only affected emacs as of version 22.

This issue did not affect versions of emacs packages as shipped with Red Hat
Enterprise Linux 2.1, 3, 4, or 5.

Updates for Fedora 7 and Fedora 8 were built and will be pushed to the stable
repository shortly.
Comment 11 Fedora Update System 2007-11-09 18:46:30 EST
emacs-22.1-5.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update emacs'
Comment 12 Fedora Update System 2007-11-17 00:33:08 EST
emacs-22.1-8.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2007-11-17 00:34:31 EST
emacs-22.1-5.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
