News

=========================================================== Ubuntu Security Notice USN-541-1 November 13, 2007 emacs22 vulnerability CVE-2007-5795 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: emacs22 22.1-0ubuntu5.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.