Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 557
Alerts This Week
Warning Icon 1 557

Fedora 38: FEDORA-2023-30ef672e3c High: Vim Remote Code Execution

fedora
Calendar Grey October 14, 2023
Dist Fedora Esm H88
The update to Emacs 28.3-rc1 in Fedora 37 fixes major security flaws related to command injection.
Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339.

Summary

Emacs is a powerful, customizable, self-documenting, modeless text

editor. Emacs contains special code editing features, a scripting

language (elisp), and the capability to read mail, news, and more

without leaving the editor.

This package provides an emacs binary with support for X windows.

Update Information:

Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339.

Change Log

* Sat Sep 23 2023 Peter Oliver - 1:28.3-0.rc1 - Upgrade to version 28.3-rc1, fixing CVE-2022-48337, CVE-2022-48338, CVE-2022-48339. * Mon Jun 5 2023 Benson Muite - 1:28.2-4 - Use SPDX license expression - Apply patch to prevent infinite loops when editing python files fixes rhbz#2187041

References


[ 1 ] Bug #2171990 - CVE-2022-48339 emacs: command injection vulnerability in htmlfontify.el [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2171990 [ 2 ] Bug #2171991 - CVE-2022-48338 emacs: local command injection in ruby-mode.el [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2171991 [ 3 ] Bug #2171992 - CVE-2022-48337 emacs: command execution via shell metacharacters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2171992

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-29df561f1d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: emacs
Product: Fedora 37
Version: 28.3
Release: 0.rc1.fc37
URL:
Summary: GNU Emacs text editor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.