USN-76-1: Emacs vulnerability

7 February 2005

emacs21 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Max Vozeler discovered a format string vulnerability in the “movemail” utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could have been exploited to execute arbitrary code with the privileges of the user and the “mail” group (since “movemail” is installed as “setgid mail”).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
emacs21-bin-common

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References