FrSIRT - Mandriva Security Update Fixes XEmacs Code Execution Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Mandriva Security Update Fixes XEmacs Code Execution Vulnerability

Title : Mandriva Security Update Fixes XEmacs Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2008-2176
CVE ID : CVE-2008-2142
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-07-24

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by remote attackers execute arbitrary code [...]

Solution

Upgrade the affected packages :

Corporate 3.0:
e0986da570ec923b469a5f23efdb4538 corporate/3.0/i586/xemacs-21.4.15-5.2.C30mdk.i586.rpm
3beba91071cfd28058b2e99694fc7726 corporate/3.0/i586/xemacs-devel-21.4.15-5.2.C30mdk.i586.rpm
7cb5ac450bf9aeeed94bd138bdc82cdb corporate/3.0/i586/xemacs-el-21.4.15-5.2.C30mdk.i586.rpm
a5aedca9c3340a6d354376191303e8e1 corporate/3.0/i586/xemacs-extras-21.4.15-5.2.C30mdk.i586.rpm
c33a8054e1f35ad9c36d60c28d2ae0e7 corporate/3.0/i586/xemacs-packages-21.4.15-5.2.C30mdk.i586.rpm
a6dad6c62c77c973ecee89e9f9eb7f32 corporate/3.0/SRPMS/xemacs-21.4.15-5.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
80e20b9c79f16ed724d83a9b4219408d corporate/3.0/x86_64/xemacs-21.4.15-5.2.C30mdk.x86_64.rpm
5596fce531b255858ce572883ffa5692 corporate/3.0/x86_64/xemacs-devel-21.4.15-5.2.C30mdk.x86_64.rpm
f019a4bfb2fee7558ac4edbffa0e5c73 corporate/3.0/x86_64/xemacs-el-21.4.15-5.2.C30mdk.x86_64.rpm
4a863f88ff3c85a1c10aa1a795b2419e corporate/3.0/x86_64/xemacs-extras-21.4.15-5.2.C30mdk.x86_64.rpm
08e1e58a1583ff7298b1eb1001baa751 corporate/3.0/x86_64/xemacs-packages-21.4.15-5.2.C30mdk.x86_64.rpm
a6dad6c62c77c973ecee89e9f9eb7f32 corporate/3.0/SRPMS/xemacs-21.4.15-5.2.C30mdk.src.rpm

ChangeLog

2008-07-24 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Sun Logical Domain Manager Local Privilege Escalation Vulnerability
	Sun StarOffice/StarSuite EMF Handling Buffer Overflow Vulnerability
	Sun Java Messaging Server Cross Site Scripting Vulnerability
	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability
	Sun Java System Identity Manager Security Bypass Vulnerabilities
	Sun Solaris DHCP Buffer Overflow and Denial of Service
	Sun Solstice X.25 "/dev/xty" Local Denial of Service Vulnerability

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities
	IBM Lotus Quickr Denial of Service and Security Bypass Vulnerabilities