Bug 847698 - (CVE-2012-3479) CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe'
CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sectio...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120807,reported=2...
: Security
Depends On: 847702
Blocks: 847705
  Show dependency treegraph
 
Reported: 2012-08-13 05:54 EDT by Jan Lieskovsky
Modified: 2015-07-31 02:52 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-04-04 19:16:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Provided (from [2]) upstream patch for v23.4 version (1.37 KB, patch)
2012-08-13 05:56 EDT, Jan Lieskovsky
no flags Details | Diff
Provided (from [2]) upstream patch for v24.1 version (1.37 KB, patch)
2012-08-13 05:57 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2012-08-13 05:54:52 EDT
A security flaw was found in the file-variables code of emacs, a GNU Emacs text editor. When the Emacs user option 'enable-local-variables' was set to ':safe' (default is t), Emacs failed to refuse to evaluate 'eval' forms in file-local variable sections. A remote attacker could provide a specially-crafted file, that when processed by the Emacs Lisp plug-in would lead to arbitrary Lisp code execution with the privileges of the user running the Emacs editor, if the victim has had the 'enable-local-variables' option set to ':safe'.

Upstream bug:
[1] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

References:
[2] http://www.openwall.com/lists/oss-security/2012/08/13/1
[3] http://www.openwall.com/lists/oss-security/2012/08/13/2
Comment 1 Jan Lieskovsky 2012-08-13 05:56:45 EDT
Created attachment 603940 [details]
Provided (from [2]) upstream patch for v23.4 version
Comment 2 Jan Lieskovsky 2012-08-13 05:57:32 EDT
Created attachment 603943 [details]
Provided (from [2]) upstream patch for v24.1 version
Comment 3 Jan Lieskovsky 2012-08-13 05:58:20 EDT
This issue affects the versions of the emacs package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Comment 4 Jan Lieskovsky 2012-08-13 05:59:19 EDT
Created emacs tracking bugs for this issue

Affects: fedora-all [bug 847702]
Comment 6 Fedora Update System 2012-08-22 16:58:01 EDT
emacs-23.3-10.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2012-08-22 17:08:40 EDT
emacs-24.1-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Stefan Cornelius 2012-08-29 05:36:31 EDT
Statement:

Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.