Mageia: 2024-0104 Critical: Emacs Org Mode Issues and Resolutions
mageia
March 31, 2024
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode
Summary
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of
turning on Org mode. This affects Org Mode before 9.6.23.
(CVE-2024-30202)
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
(CVE-2024-30203)
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail
attachments. (CVE-2024-30204)
In Emacs before 29.3, Org mode considers contents of remote files to be
trusted. This affects Org Mode before 9.6.23. (CVE-2024-30205)
References
- https://bugs.mageia.org/show_bug.cgi?id=33019
- https://www.openwall.com/lists/oss-security/2024/03/24/1
- https://www.openwall.com/lists/oss-security/2024/03/25/2
- https://www.cve.org/CVERecord?id=CVE-2024-30202
- https://www.cve.org/CVERecord?id=CVE-2024-30203
- https://www.cve.org/CVERecord?id=CVE-2024-30204
- https://www.cve.org/CVERecord?id=CVE-2024-30205
Resolution
SRPMS
- 9/core/emacs-28.2-10.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 31 Mar 2024
URL: https://advisories.mageia.org/MGASA-2024-0104.html
Type: security
CVE: CVE-2024-30202,
CVE-2024-30203,
CVE-2024-30204,
CVE-2024-30205
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!