openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)

medium Nessus Plugin ID 74780

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs :

- Add fix for bnc#775993 which disable arbitrary lisp code execution when 'enable-local-variables' is set to ':safe' (CVE-2012-3479)

- Add fix for bnc#780653 to allow emacs to parse tar archives with PAX extended headers

- This update also upgrades emacs to version 24.1 :

- Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and SELinux

- Support for wide integer (62 bits) in lisp even on 32-bit machines.

- The --unibyte, --multibyte, --no-multibyte, and
--no-unibyte command line arguments, and the EMACS_UNIBYTE environment variable, no longer have any effect.

- And many more changes see /usr/share/emacs/24.1/etc/NEWS

- Remove obsolete patches

- Refresh some others patches

emacs-w3 :

- (condition-case ...) and (eval-when (compile) ...) will not work together

gnuplot :

- Resolve the former problem by using texlive-texinfo to enforce installing required fonts as well as required tools for TL 2012

- add more texlive 2012 requirements

- Make it build with latest TeXLive 2012 with new package layout

- Convert gnuplot.el to new backtick lisp scheme for emacs 24.1

ddskk :

- Update to ddskk-14.4 and skkdic-20110529

- Take some patches from Debian as well add some own patches

- Drop superfluous patches

Solution

Update the affected emacs and depending packages packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=775993

https://bugzilla.novell.com/show_bug.cgi?id=780653

https://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html

Plugin Details

Severity: Medium

ID: 74780

File Name: openSUSE-2012-710.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gnuplot-debugsource, p-cpe:/a:novell:opensuse:skkdic-extra, p-cpe:/a:novell:opensuse:skkdic, cpe:/o:novell:opensuse:12.2, p-cpe:/a:novell:opensuse:gnuplot-debuginfo, p-cpe:/a:novell:opensuse:ddskk, p-cpe:/a:novell:opensuse:emacs-x11, p-cpe:/a:novell:opensuse:emacs-el, p-cpe:/a:novell:opensuse:emacs-info, p-cpe:/a:novell:opensuse:gnuplot, p-cpe:/a:novell:opensuse:emacs-nox, p-cpe:/a:novell:opensuse:emacs-debugsource, p-cpe:/a:novell:opensuse:emacs-debuginfo, p-cpe:/a:novell:opensuse:emacs, p-cpe:/a:novell:opensuse:emacs-w3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 10/10/2012

Reference Information

CVE: CVE-2012-3479