EDE: Privilege escalation — GLSA 201812-05

A vulnerability in EDE could result in privilege escalation.

Affected packages

app-xemacs/ede on all architectures
Affected versions < 1.07
Unaffected versions >= 1.07

Background

A package that simplifies the task of creating, building, and debugging large programs with Emacs. It provides some of the features of an IDE, or Integrated Development Environment, in Emacs.

Description

An untrusted search path vulnerability was discovered in EDE.

Impact

A local attacker could escalate his privileges via a specially crafted Lisp expression in a Project.ede file in the directory or a parent directory of an opened file.

Workaround

There is no known workaround at this time.

Resolution

All EDE users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-xemacs/ede-1.07"
 

References

Release date
December 06, 2018

Latest revision
December 06, 2018: 1

Severity
normal

Exploitable
local

Bugzilla entries