Updated emacs packages fix CVE-2014-3421-4
Publication date: 06 Jun 2014Modification date: 06 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3421 , CVE-2014-3422 , CVE-2014-3423 , CVE-2014-3424
Description
Updated emacs packages fix security vulnerabilities:
Steve Kemp discovered multiple temporary file handling issues in Emacs.
A local attacker could use these flaws to perform symbolic link attacks
against users running Emacs (CVE-2014-3421, CVE-2014-3422, CVE-2014-3423,
CVE-2014-3424).
References
- https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133825.html
- https://bugs.mageia.org/show_bug.cgi?id=13458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3423
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3424
SRPMS
4/core
- emacs-24.3-4.1.mga4
3/core
- emacs-24.2-5.1.mga3