Oracle Solaris Third-Party Patch Update : emacs (cve_2012_3479_arbitrary_code)
Medium Nessus Plugin ID 80603
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
SolutionUpgrade to Solaris 11.2.