Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 431178 (CVE-2012-3479) - <app-editors/emacs-{23.4-r4,24.1-r1}: Security flaw in enable-local-eval (CVE-2012-3479)
Summary: <app-editors/emacs-{23.4-r4,24.1-r1}: Security flaw in enable-local-eval (CVE...
Status: RESOLVED FIXED
Alias: CVE-2012-3479
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://lists.gnu.org/archive/html/ema...
Whiteboard: C2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-13 06:54 UTC by Ulrich Müller
Modified: 2014-03-20 10:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ulrich Müller gentoo-dev 2012-08-13 06:54:22 UTC
"Paul Ling has found a security flaw in the file-local variables code in
GNU Emacs.  When the user option `enable-local-variables' is set to
`:safe' (the default value is t), Emacs should automatically refuse to
evaluate `eval' forms in file-local variable sections.  Due to the bug,
Emacs instead automatically evaluates such `eval' forms.

Thus, if the user changes the value of `enable-local-variables' to
`:safe', visiting a malicious file can cause automatic execution of
arbitrary Emacs Lisp code with the permissions of the user.

The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1."
Comment 1 Ulrich Müller gentoo-dev 2012-08-13 08:09:44 UTC
Fixed in emacs-23.4-r4 and emacs-24.1-r1.

   Package: app-editors/emacs
   Vulnerable versions: < 24.1-r1
   Unaffected versions: >= 24.1-r1, revision >= 23.4-r4, < 23.2
   Architecture(s): All supported architectures

Arch teams, please stabilise:
emacs-23.4-r4: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
emacs-24.1-r1: amd64 arm hppa ppc64 x86
Comment 2 taaroa 2012-08-13 08:37:41 UTC
CVE-2012-3479
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-08-13 13:38:20 UTC
Arch teams, please test and mark stable:
=app-editors/emacs-23.4-r4
Stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86

=app-editors/emacs-24.1-r1
Stable KEYWORDS : amd64 arm hppa ppc64 x86
Comment 4 Agostino Sarubbo gentoo-dev 2012-08-14 12:53:50 UTC
amd64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-08-15 00:33:23 UTC
Stable for HPPA.
Comment 6 Johannes Huber gentoo-dev 2012-08-21 09:59:24 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2012-08-23 21:05:22 UTC
arm stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2012-09-02 17:57:03 UTC
alpha/ia64/s390/sh/sparc stable
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:43:04 UTC
CVE-2012-3479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3479):
  lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes
  eval forms in local-variable sections when the enable-local-variables option
  is set to :safe, which allows user-assisted remote attackers to execute
  arbitrary Emacs Lisp code via a crafted file.
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-26 15:54:05 UTC
ppc64 stable
Comment 11 Ulrich Müller gentoo-dev 2012-10-07 14:22:21 UTC
ppc: ping
Comment 12 Anthony Basile gentoo-dev 2012-10-08 15:06:44 UTC
(In reply to comment #11)
> ppc: ping

pong!  stable ppc, closing
Comment 13 Ulrich Müller gentoo-dev 2012-10-08 18:46:25 UTC
Stable on all supported arches, vulnerable versions removed from tree.
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-09 00:45:40 UTC
Thanks, everyone. 

Added to existing GLSA request.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-03-20 10:43:38 UTC
This issue was resolved and addressed in
 GLSA 201403-05 at http://security.gentoo.org/glsa/glsa-201403-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).