Mageia 9: 2024-0397 critical: emacs arbitrary code execution

mageia

December 24, 2024

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe L...

Summary

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code). (CVE-2024-53920)

References

- https://bugs.mageia.org/show_bug.cgi?id=33867

- https://www.cve.org/CVERecord?id=CVE-2024-53920

Topics Covered

security advisory code execution arbitrary code Emacs Mageia emacs update macro expansion

Resolution

SRPMS

- 9/core/emacs-29.4-1.2.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 24 Dec 2024

URL: https://advisories.mageia.org/MGASA-2024-0397.html

Type: security

CVE: CVE-2024-53920

Topics Covered

security advisory code execution arbitrary code Emacs Mageia emacs update macro expansion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: 2024-0397 critical: emacs arbitrary code execution

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: 2024-0397 critical: emacs arbitrary code execution

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!