Explore top 10 tips to secure your open-source projects now. Read More
×Moderate: emacs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:7083", "synopsis": "Moderate: emacs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for emacs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2171987", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171987", "description": ""}, {"ticket": "2171989", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2171989", "description": ""}], "cves": [{"name": "CVE-2022-48337", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48337", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-77"}, {"name": "CVE-2022-48339", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48339", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-77"}], "references": [], "publishedAt": "2026-06-25T12:00:44.845974Z", "rpms": {"RockyLinux 8": {"nvras": ["emacs-1:26.1-11.el8.aarch64.rpm", "emacs-1:26.1-11.el8.src.rpm", "emacs-1:26.1-11.el8.x86_64.rpm", "emacs-common-1:26.1-11.el8.aarch64.rpm", "emacs-common-1:26.1-11.el8.x86_64.rpm", "emacs-common-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-debugsource-1:26.1-11.el8.aarch64.rpm", "emacs-filesystem-1:26.1-11.el8.noarch.rpm", "emacs-lucid-1:26.1-11.el8.aarch64.rpm", "emacs-lucid-1:26.1-11.el8.x86_64.rpm", "emacs-lucid-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.aarch64.rpm", "emacs-nox-1:26.1-11.el8.x86_64.rpm", "emacs-nox-debuginfo-1:26.1-11.el8.aarch64.rpm", "emacs-terminal-1:26.1-11.el8.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the critical security updates for emacs on Rocky Linux affecting command execution and injection vulnerabilities.. Rocky Linux emacs update, command injection vulnerability, command execution fix. . Severity: moderate. LinuxSecurity.com Team
Security update. Publication date: 16 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0213.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-6861 Description: Memory corruption vulnerability when processing svg css. (CVE-2026-6861) References: - https://bugs.mageia.org/show_bug.cgi?id=35444 - https://lists.opensuse.org/archives/list/
An update that solves one vulnerability and has 2 bug fixes can now be installed.. openSUSE security update: security update for emacs ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20759-1 Rating: moderate References: * bsc#1262007 * bsc#1262611 Cross-References: * CVE-2026-6861 CVSS scores: * CVE-2026-6861 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2026-6861 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has 2 bug fixes can now be installed. Description: This update for emacs fixes the following issue: - CVE-2026-6861: memory corruption when processing specially crafted SVG CSS data (bsc#1262611). - Build with tree-sitter-0.26.8 security update (bsc#1262007). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-755=1 Package List: - openSUSE Leap 16.0: emacs-30.2-160000.2.1 emacs-el-30.2-160000.2.1 emacs-eln-30.2-160000.2.1 emacs-games-30.2-160000.2.1 emacs-info-30.2-160000.2.1 emacs-nox-30.2-160000.2.1 emacs-x11-30.2-160000.2.1 etags-30.2-160000.2.1 References: * https://www.suse.com/security/cve/CVE-2026-6861.html . Critical memory corruption in Emacs resolved with moderate update ensuring system stability on openSUSE Leap 16.0.. Emacs Security Update, openSUSE Leap, Memory Corruption Fix, Software Patch. . Severity: Important. LinuxSecurity.com Team
Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-49b8ca7981 2026-05-01 03:11:02.715739+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 44 Version : 30.2 Release : 23.fc44 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-23 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. * Tue Mar 31 2026 Peter Oliver - 1:30.2-22 - Fix bad backport of Tree-sitter 0.26 compatibility patch. * Mon Mar 30 2026 Andreas Schneider - 1:30.2-21 - Rebuild against tree-sitter-0.26.7-2.fc45 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460586 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460586 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-49b8ca7981' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-290753da75 2026-05-01 03:01:50.286544+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 43 Version : 30.2 Release : 7.fc43 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-7 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460585 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2460585 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-290753da75' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-52dad6273a 2026-05-01 01:22:47.586700+00:00 -------------------------------------------------------------------------------- Name : emacs Product : Fedora 42 Version : 30.2 Release : 2.fc42 URL : https://www.gnu.org/software/emacs/ Summary : GNU Emacs text editor Description : GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using the GTK toolkit. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Peter Oliver - 1:30.2-2 - Fix CVE-2026-6861: memory corruption vulnerability when processing SVG CSS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2460584 - CVE-2026-6861 emacs: Emacs: Memory corruption vulnerability when processing SVG CSS [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2460584 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-52dad6273a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves one vulnerability can now be installed.. # emacs-30.2-8.1 on GA media Announcement ID: openSUSE-SU-2026:10619-1 Rating: moderate Cross-References: * CVE-2026-6861 CVSS scores: * CVE-2026-6861 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2026-6861 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the emacs-30.2-8.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * emacs 30.2-8.1 * emacs-el 30.2-8.1 * emacs-eln 30.2-8.1 * emacs-games 30.2-8.1 * emacs-info 30.2-8.1 * emacs-nox 30.2-8.1 * emacs-x11 30.2-8.1 * etags 30.2-8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6861.html . An update for emacs-30.2-8.1 on openSUSE addressing moderate severity issue CVE-2026-6861.. openSUSE update emacs security. . LinuxSecurity.com Team
Several security issues were fixed in Emacs.. ========================================================================== Ubuntu Security Notice USN-8011-1 February 04, 2026 emacs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Emacs. Software Description: - emacs: An extensible, customizable, free/libre text editor \u2014 and more. Details: It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-53920) It was discovered that Emacs did not properly sanitize input when handling certain URI schemes. An attacker could possibly use this issue to execute arbitrary shell commands by tricking a user into opening a specially crafted URL. (CVE-2025-1244) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS emacs 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-bin-common 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-common 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-el 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-gtk 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-lucid 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-nox 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro emacs-pgtk 1:29.3+1-1ubuntu2+esm3 Available with Ubuntu Pro Ubuntu 22.04 LTS emacs 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-bin-common 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-common 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-el 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-gtk 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-lucid 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro emacs-nox 1:27.1+1-3ubuntu5.2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS emacs 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-bin-common 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-common 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-el 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-gtk 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-lucid 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro emacs-nox 1:26.3+1-1ubuntu2+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8011-1 CVE-2024-53920, CVE-2025-1244 . Multiple security issues were resolved in Emacs, affecting several Ubuntu distributions with potentialarbitrary code execution risks.. Emacs security, arbitrary code execution, Ubuntu updates, Emacs vulnerabilities, Ubuntu security fixes. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.