emacs-25.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10469-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z emacs-25.1-1.1 on GA media These are all security issues fixed in the emacs-25.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10469 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-0035/ SUSE CVE CVE-2012-0035 page https://www.suse.com/security/cve/CVE-2014-3421/ SUSE CVE CVE-2014-3421 page https://www.suse.com/security/cve/CVE-2014-3422/ SUSE CVE CVE-2014-3422 page https://www.suse.com/security/cve/CVE-2014-3423/ SUSE CVE CVE-2014-3423 page https://www.suse.com/security/cve/CVE-2014-3424/ SUSE CVE CVE-2014-3424 page https://www.suse.com/security/cve/CVE-2014-9483/ SUSE CVE CVE-2014-9483 page openSUSE Tumbleweed emacs-25.1-1.1 emacs-el-25.1-1.1 emacs-info-25.1-1.1 emacs-nox-25.1-1.1 emacs-x11-25.1-1.1 etags-25.1-1.1 emacs-25.1-1.1 as a component of openSUSE Tumbleweed emacs-el-25.1-1.1 as a component of openSUSE Tumbleweed emacs-info-25.1-1.1 as a component of openSUSE Tumbleweed emacs-nox-25.1-1.1 as a component of openSUSE Tumbleweed emacs-x11-25.1-1.1 as a component of openSUSE Tumbleweed etags-25.1-1.1 as a component of openSUSE Tumbleweed Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. CVE-2012-0035 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0035.html CVE-2012-0035 https://bugzilla.suse.com/740447 SUSE Bug 740447 lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. CVE-2014-3421 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3421.html CVE-2014-3421 https://bugzilla.suse.com/876847 SUSE Bug 876847 lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. CVE-2014-3422 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3422.html CVE-2014-3422 https://bugzilla.suse.com/876847 SUSE Bug 876847 lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. CVE-2014-3423 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3423.html CVE-2014-3423 https://bugzilla.suse.com/876847 SUSE Bug 876847 lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. CVE-2014-3424 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-3424.html CVE-2014-3424 https://bugzilla.suse.com/876847 SUSE Bug 876847 Emacs 24.4 allows remote attackers to bypass security restrictions. CVE-2014-9483 openSUSE Tumbleweed:emacs-25.1-1.1 openSUSE Tumbleweed:emacs-el-25.1-1.1 openSUSE Tumbleweed:emacs-info-25.1-1.1 openSUSE Tumbleweed:emacs-nox-25.1-1.1 openSUSE Tumbleweed:emacs-x11-25.1-1.1 openSUSE Tumbleweed:etags-25.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-9483.html CVE-2014-9483 https://bugzilla.suse.com/912872 SUSE Bug 912872