/kernel.el

From an Ubuntu security advisory:

After a standard system upgrade you need to restart emacs to effect the
necessary changes.

Details follow:

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images. By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service.

Gosh, they make it sound as if Emacs is a daemon, run from an init file, running all the time and… oh, wait. Right.

Advertisements
This entry was posted in :-), Geek and tagged , . Bookmark the permalink.

2 Responses to /kernel.el

  1. Cyde Weys says:

    Man, that’s funny. I didn’t even realize emacs could open GIFs. Who would think to try? And as for running emacs like a daemon … yeah, I’m guilty.

    This is one of the more underwhelming security threats I’ve seen recently, though. Windows security threats are along the lines of allowing the attacker root access. This security threat is nothing more than a program failing to validate all proper input, and crashing on some small subset of it.

    Like

  2. arensb says:

    I didn’t even realize emacs could open GIFs.

    Yeah, I think they got that from XEmacs or something. You may need to toggle M-x auto-image-file-mode to turn it on.

    Perhaps the most useful use for image mode that I’ve seen is LaTeX preview mode, which runs LaTeX on the equations in your paper, and displays them in your Emacs buffer as PNGs of the rendered version.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s