Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Debian 11 DSA-5360-1 Critical: Emacs Shell Command Risk Mitigated

debian
Calendar Grey February 23, 2023
Debian Logo
A vital security patch for Emacs has been released, tackling vulnerabilities related to input handling to mitigate the risk of unauthorized command execution.
Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands
Topics%20covered

Topics Covered

security advisory update critical debian emacs input sanitization shell command execution

Summary

Xi Lu discovered that missing input sanitising in Emacs (in etags, the
Ruby mode and htmlfontify) could result in the execution of arbitrary
shell commands.

For the stable distribution (bullseye), these problems have been fixed in
version 1:27.1+1-3.1+deb11u2.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/emacs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: emacs
CVE ID: CVE-2022-48337 CVE-2022-48338 CVE-2022-48339

Topics%20covered

Topics Covered

security advisory update critical debian emacs input sanitization shell command execution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here