CVE-2014-3422

Publication date 8 May 2014

Last updated 21 September 2025

Ubuntu priority

Medium

Why this priority?

Description

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

Read the notes from the security team

Status

Package Ubuntu Release Status
emacs-snapshot 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
emacs22 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Ignored end of life
emacs23 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Ignored end of life
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life
emacs24 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
emacs25 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty
Not affected
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
xemacs21 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid Ignored end of life
xemacs21-packages 19.04 disco Not in release
18.10 cosmic Not in release
18.04 LTS bionic
Not affected
17.10 artful
Not affected
17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected

Notes

seth-arnold

The xemacs21-packages code looked very different; the esrc comment looks out-dated. I'm marking these not-affected because it looked safe to me but review by an emacs expert would be welcome.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
emacs23
emacs24

References

Other references