GNU Emacs: Multiple vulnerabilities

GNU Emacs: Multiple vulnerabilities Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. emacs 2014-03-20 2014-03-20 398239 431178 remote 24.1-r1 23.4-r4 23.2 24.1-r1

GNU Emacs is a highly extensible and customizable text editor.

Multiple vulnerabilities have been discovered in GNU Emacs:

When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory (CVE-2012-0035).
When ‘enable-local-variables’’ is set to ‘:safe’, Emacs automatically processes eval forms (CVE-2012-3479).

A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

There is no known workaround at this time.

All GNU Emacs 24.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.1-r1"

All GNU Emacs 23.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r4"

CVE-2012-0035 CVE-2012-3479 ago ackle