CVE-2014-3423
Publication date 8 May 2014
Last updated 24 July 2024
Ubuntu priority
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Status
Package | Ubuntu Release | Status |
---|---|---|
emacs22 | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
emacs23 | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
emacs24 | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
emacs25 | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
emacs-snapshot | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
xemacs21 | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
xemacs21-packages | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
Notes
seth-arnold
Mosiac hard-coded this pid file name, the alternative is dropping support for Mosiac entirely. Don't be hasty.
leosilva
from emacs, they added this line only http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html not-fixed