From an Ubuntu security advisory:

After a standard system upgrade you need to restart emacs to effect the
necessary changes.

Details follow:

Hendrik Tews discovered that emacs21 did not correctly handle certain
GIF images. By tricking a user into opening a specially crafted GIF,
a remote attacker could cause emacs21 to crash, resulting in a denial
of service.

Gosh, they make it sound as if Emacs is a daemon, run from an init file, running all the time and… oh, wait. Right.

2 thoughts on “/kernel.el”

  1. Man, that’s funny. I didn’t even realize emacs could open GIFs. Who would think to try? And as for running emacs like a daemon … yeah, I’m guilty.

    This is one of the more underwhelming security threats I’ve seen recently, though. Windows security threats are along the lines of allowing the attacker root access. This security threat is nothing more than a program failing to validate all proper input, and crashing on some small subset of it.

  2. I didn’t even realize emacs could open GIFs.

    Yeah, I think they got that from XEmacs or something. You may need to toggle M-x auto-image-file-mode to turn it on.

    Perhaps the most useful use for image mode that I’ve seen is LaTeX preview mode, which runs LaTeX on the equations in your paper, and displays them in your Emacs buffer as PNGs of the rendered version.
