openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following issues for emacs, emacs-w3, gnuplot
and ddskk: emacs :

- Add fix for bnc#775993 which disable arbitrary lisp code
execution when 'enable-local-variables' is set to
':safe' (CVE-2012-3479)

- Add fix for bnc#780653 to allow emacs to parse tar
archives with PAX extended headers

- This update also upgrades emacs to version 24.1 :

- Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and
SELinux

- Support for wide integer (62 bits) in lisp even on
32-bit machines.

- The --unibyte, --multibyte, --no-multibyte, and
--no-unibyte command line arguments, and the
EMACS_UNIBYTE environment variable, no longer have any
effect.

- And many more changes see /usr/share/emacs/24.1/etc/NEWS

- Remove obsolete patches

- Refresh some others patches

emacs-w3 :

- (condition-case ...) and (eval-when (compile) ...) will
not work together

gnuplot :

- Resolve the former problem by using texlive-texinfo to
enforce installing required fonts as well as required
tools for TL 2012

- add more texlive 2012 requirements

- Make it build with latest TeXLive 2012 with new package
layout

- Convert gnuplot.el to new backtick lisp scheme for emacs
24.1

ddskk :

- Update to ddskk-14.4 and skkdic-20110529

- Take some patches from Debian as well add some own
patches

- Drop superfluous patches

See also :

http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html
https://bugzilla.novell.com/show_bug.cgi?id=775993
https://bugzilla.novell.com/show_bug.cgi?id=780653

Solution :

Update the affected emacs and depending packages packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74780 ()

Bugtraq ID:

CVE ID: CVE-2012-3479

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now