Local Security Bug in GNU Emacs
A vulnerability in the extended text editor GNU Emacs gives local attackers the ability to run arbitrary code.
Developer Drake Wilson disclosed the vulnerability on the Debian Security mailing list. The error is caused by incorrect behavior of the "hack-local-variables" function if it is set to ":safe". The documentation for the function states that Emacs only runs variables that are declared as safe in this case, but this is not true: Emacs actually ignores the function and uses any local variable. An attacker could exploit this to modify the current user’s init file and execute code by means of a carefully crafted Emacs Lisp file.
The bug affects Emacs version 22.1 and possibly others. The Emacs 22.1 package in the Debian Etch repository does not have the bug says another developer. A fix is available from the CVS repository. The vulnerability has been assigned CVE ID CVE-2007-5795. The GNU Emacs maintainer has been notified.
Issue 261/2022
Buy this issue as a PDF
News
-
KaOS 2022.06 Now Available With KDE Plasma 5.25
The newest iteration of KaOS Linux not only adds the latest KDE Plasma desktop but sets LibreOffice as the default.
-
Manjaro 21.3.0 Is Now Available
Manjaro “Ruah” has been released and includes the latest Calamares installer, GNOME 42, and much more.
-
SpiralLinux is a New Linux Distribution Focused on Simplicity
A new Linux distribution, from the creator of GeckoLinux, is a Debian-based operating system with a focus on simplicity and ease of use.
-
HP Dev One Linux Laptop is Now Available for Pre-Order
The System76/HP collaboration Dev One laptop, geared toward developers, is now available for pre-order.
-
NixOS 22.5 Is Now Available
The latest release of NixOS with a much-improved package manager and a user-friendly graphical installer.
-
System76 Teams up with HP to Create the Dev One Laptop
HP and System76 have come together to develop a new laptop, powered by Pop!_OS and aimed toward developers.
-
Titan Linux is a New KDE Linux Based on Debian Stable
Titan Linux is a new Debian-based Linux distribution that features the KDE Plasma desktop with a focus on usability and performance.
-
Danielle Foré Has an Update for elementary OS 7
Now that Ubuntu 22.04 has been released, the team behind elementary OS is preparing for the upcoming 7.0 release.
-
Linux New Media Launches Open Source JobHub
New job website focuses on connecting technical and non-technical professionals with organizations in open source.
-
Ubuntu Cinnamon 22.04 Now Available
Ubuntu Cinnamon 22.04 has been released with all the additions from upstream as well as other features and improvements.