A security flaw was found in the file-variables code of emacs, a GNU Emacs text editor. When the Emacs user option 'enable-local-variables' was set to ':safe' (default is t), Emacs failed to refuse to evaluate 'eval' forms in file-local variable sections. A remote attacker could provide a specially-crafted file, that when processed by the Emacs Lisp plug-in would lead to arbitrary Lisp code execution with the privileges of the user running the Emacs editor, if the victim has had the 'enable-local-variables' option set to ':safe'. Upstream bug: [1] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 References: [2] http://www.openwall.com/lists/oss-security/2012/08/13/1 [3] http://www.openwall.com/lists/oss-security/2012/08/13/2
Created attachment 603940 [details] Provided (from [2]) upstream patch for v23.4 version
Created attachment 603943 [details] Provided (from [2]) upstream patch for v24.1 version
This issue affects the versions of the emacs package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Created emacs tracking bugs for this issue Affects: fedora-all [bug 847702]
emacs-23.3-10.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
emacs-24.1-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Statement: Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 5 and 6.