openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)

Medium Nessus Plugin ID 74780


The remote openSUSE host is missing a security update.


This update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs :

- Add fix for bnc#775993 which disable arbitrary lisp code execution when 'enable-local-variables' is set to ':safe' (CVE-2012-3479)

- Add fix for bnc#780653 to allow emacs to parse tar archives with PAX extended headers

- This update also upgrades emacs to version 24.1 :

- Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and SELinux

- Support for wide integer (62 bits) in lisp even on 32-bit machines.

- The --unibyte, --multibyte, --no-multibyte, and
--no-unibyte command line arguments, and the EMACS_UNIBYTE environment variable, no longer have any effect.

- And many more changes see /usr/share/emacs/24.1/etc/NEWS

- Remove obsolete patches

- Refresh some others patches

emacs-w3 :

- (condition-case ...) and (eval-when (compile) ...) will not work together

gnuplot :

- Resolve the former problem by using texlive-texinfo to enforce installing required fonts as well as required tools for TL 2012

- add more texlive 2012 requirements

- Make it build with latest TeXLive 2012 with new package layout

- Convert gnuplot.el to new backtick lisp scheme for emacs 24.1

ddskk :

- Update to ddskk-14.4 and skkdic-20110529

- Take some patches from Debian as well add some own patches

- Drop superfluous patches


Update the affected emacs and depending packages packages.

See Also

Plugin Details

Severity: Medium

ID: 74780

File Name: openSUSE-2012-710.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ddskk, p-cpe:/a:novell:opensuse:emacs, p-cpe:/a:novell:opensuse:emacs-debuginfo, p-cpe:/a:novell:opensuse:emacs-debugsource, p-cpe:/a:novell:opensuse:emacs-el, p-cpe:/a:novell:opensuse:emacs-info, p-cpe:/a:novell:opensuse:emacs-nox, p-cpe:/a:novell:opensuse:emacs-w3, p-cpe:/a:novell:opensuse:emacs-x11, p-cpe:/a:novell:opensuse:gnuplot, p-cpe:/a:novell:opensuse:gnuplot-debuginfo, p-cpe:/a:novell:opensuse:gnuplot-debugsource, p-cpe:/a:novell:opensuse:skkdic, p-cpe:/a:novell:opensuse:skkdic-extra, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2012/10/10

Reference Information

CVE: CVE-2012-3479