Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Mageia 9: 2024-0397 critical: emacs arbitrary code execution

MGASA-2024-0397 - Updated emacs packages fix security vulnerability
Publication date: 24 Dec 2024
URL: https://advisories.mageia.org/MGASA-2024-0397.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-53920

In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code). (CVE-2024-53920)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33867
- https://www.cve.org/CVERecord?id=CVE-2024-53920

SRPMS:
- 9/core/emacs-29.4-1.2.mga9

Updates to Emacs packages have been released to tackle critical security vulnerabilities that permit unregulated code execution via unsafe macro expansions.

Severity: Critical. LinuxSecurity.com Team

Dec 24, 2024 Critical Mageia

Scientific Linux SL7 SLSA-2023-3481-1 Moderate: Emacs Command Injection

Synopsis: Moderate: emacs security update
Advisory ID: SLSA-2023:3481-1
Issue Date: 2023-06-07
CVE Numbers: CVE-2022-48339

Security Fix(es):
* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

SL7
x86_64:
emacs-24.3-23.el7_9.1.x86_64.rpm
emacs-common-24.3-23.el7_9.1.x86_64.rpm
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm
emacs-nox-24.3-23.el7_9.1.x86_64.rpm
noarch:
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm
emacs-el-24.3-23.el7_9.1.noarch.rpm
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

- Scientific Linux Development Team

Recent updates for Emacs on Scientific Linux SL7 fix a critical command injection vulnerability that could enable attackers to run arbitrary commands.

LinuxSecurity.com Team

Jun 07, 2023 Scientific Linux

Red Hat Enterprise Linux 8.1: RHSA-2023-3189-01 Important Emacs Fix

====================================================================
Red Hat Security Advisory

Synopsis: Important: emacs security update
Advisory ID: RHSA-2023:3189-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3189
Issue date: 2023-05-17
CVE Names: CVE-2023-28617
====================================================================

1. Summary:
An update for emacs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - noarch

3. Description:
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):
* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):
2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.1):
aarch64:
emacs-26.1-5.el8_1.1.aarch64.rpm
emacs-common-26.1-5.el8_1.1.aarch64.rpm
emacs-common-debuginfo-26.1-5.el8_1.1.aarch64.rpm
emacs-debuginfo-26.1-5.el8_1.1.aarch64.rpm
emacs-debugsource-26.1-5.el8_1.1.aarch64.rpm
emacs-lucid-26.1-5.el8_1.1.aarch64.rpm
emacs-lucid-debuginfo-26.1-5.el8_1.1.aarch64.rpm
emacs-nox-26.1-5.el8_1.1.aarch64.rpm
emacs-nox-debuginfo-26.1-5.el8_1.1.aarch64.rpm
noarch:
emacs-terminal-26.1-5.el8_1.1.noarch.rpm
ppc64le:
emacs-26.1-5.el8_1.1.ppc64le.rpm
emacs-common-26.1-5.el8_1.1.ppc64le.rpm
emacs-common-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
emacs-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
emacs-debugsource-26.1-5.el8_1.1.ppc64le.rpm
emacs-lucid-26.1-5.el8_1.1.ppc64le.rpm
emacs-lucid-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
emacs-nox-26.1-5.el8_1.1.ppc64le.rpm
emacs-nox-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
s390x:
emacs-26.1-5.el8_1.1.s390x.rpm
emacs-common-26.1-5.el8_1.1.s390x.rpm
emacs-common-debuginfo-26.1-5.el8_1.1.s390x.rpm
emacs-debuginfo-26.1-5.el8_1.1.s390x.rpm
emacs-debugsource-26.1-5.el8_1.1.s390x.rpm
emacs-lucid-26.1-5.el8_1.1.s390x.rpm
emacs-lucid-debuginfo-26.1-5.el8_1.1.s390x.rpm
emacs-nox-26.1-5.el8_1.1.s390x.rpm
emacs-nox-debuginfo-26.1-5.el8_1.1.s390x.rpm
x86_64:
emacs-26.1-5.el8_1.1.x86_64.rpm
emacs-common-26.1-5.el8_1.1.x86_64.rpm
emacs-common-debuginfo-26.1-5.el8_1.1.x86_64.rpm
emacs-debuginfo-26.1-5.el8_1.1.x86_64.rpm
emacs-debugsource-26.1-5.el8_1.1.x86_64.rpm
emacs-lucid-26.1-5.el8_1.1.x86_64.rpm
emacs-lucid-debuginfo-26.1-5.el8_1.1.x86_64.rpm
emacs-nox-26.1-5.el8_1.1.x86_64.rpm
emacs-nox-debuginfo-26.1-5.el8_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):
Source:
emacs-26.1-5.el8_1.1.src.rpm
noarch:
emacs-filesystem-26.1-5.el8_1.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:
https://access.redhat.com/security/cve/CVE-2023-28617
https://access.redhat.com/security/updates/classification#important

8. Contact:
The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Severity: Important. LinuxSecurity.com Team

May 17, 2023 Important Red Hat

Red Hat Enterprise Linux 8 RHSA-2023:3104-01 Important Emacs Update

====================================================================
Red Hat Security Advisory

Synopsis: Important: emacs security update
Advisory ID: RHSA-2023:3104-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3104
Issue date: 2023-05-16
CVE Names: CVE-2023-2491
====================================================================

1. Summary:
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - noarch

3. Description:
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):
* emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux (CVE-2023-2491)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):
2192873 - CVE-2023-2491 emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux

6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64:
emacs-26.1-10.el8_8.2.aarch64.rpm
emacs-common-26.1-10.el8_8.2.aarch64.rpm
emacs-common-debuginfo-26.1-10.el8_8.2.aarch64.rpm
emacs-debuginfo-26.1-10.el8_8.2.aarch64.rpm
emacs-debugsource-26.1-10.el8_8.2.aarch64.rpm
emacs-lucid-26.1-10.el8_8.2.aarch64.rpm
emacs-lucid-debuginfo-26.1-10.el8_8.2.aarch64.rpm
emacs-nox-26.1-10.el8_8.2.aarch64.rpm
emacs-nox-debuginfo-26.1-10.el8_8.2.aarch64.rpm
noarch:
emacs-terminal-26.1-10.el8_8.2.noarch.rpm
ppc64le:
emacs-26.1-10.el8_8.2.ppc64le.rpm
emacs-common-26.1-10.el8_8.2.ppc64le.rpm
emacs-common-debuginfo-26.1-10.el8_8.2.ppc64le.rpm
emacs-debuginfo-26.1-10.el8_8.2.ppc64le.rpm
emacs-debugsource-26.1-10.el8_8.2.ppc64le.rpm
emacs-lucid-26.1-10.el8_8.2.ppc64le.rpm
emacs-lucid-debuginfo-26.1-10.el8_8.2.ppc64le.rpm
emacs-nox-26.1-10.el8_8.2.ppc64le.rpm
emacs-nox-debuginfo-26.1-10.el8_8.2.ppc64le.rpm
s390x:
emacs-26.1-10.el8_8.2.s390x.rpm
emacs-common-26.1-10.el8_8.2.s390x.rpm
emacs-common-debuginfo-26.1-10.el8_8.2.s390x.rpm
emacs-debuginfo-26.1-10.el8_8.2.s390x.rpm
emacs-debugsource-26.1-10.el8_8.2.s390x.rpm
emacs-lucid-26.1-10.el8_8.2.s390x.rpm
emacs-lucid-debuginfo-26.1-10.el8_8.2.s390x.rpm
emacs-nox-26.1-10.el8_8.2.s390x.rpm
emacs-nox-debuginfo-26.1-10.el8_8.2.s390x.rpm
x86_64:
emacs-26.1-10.el8_8.2.x86_64.rpm
emacs-common-26.1-10.el8_8.2.x86_64.rpm
emacs-common-debuginfo-26.1-10.el8_8.2.x86_64.rpm
emacs-debuginfo-26.1-10.el8_8.2.x86_64.rpm
emacs-debugsource-26.1-10.el8_8.2.x86_64.rpm
emacs-lucid-26.1-10.el8_8.2.x86_64.rpm
emacs-lucid-debuginfo-26.1-10.el8_8.2.x86_64.rpm
emacs-nox-26.1-10.el8_8.2.x86_64.rpm
emacs-nox-debuginfo-26.1-10.el8_8.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):
Source:
emacs-26.1-10.el8_8.2.src.rpm
noarch:
emacs-filesystem-26.1-10.el8_8.2.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/updates/classification/#important

8. Contact:
The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Crucial emacs security patch for RHEL 8 tackles vulnerabilities and improves system reliability.

Severity: Important. LinuxSecurity.com Team

May 16, 2023 Important Red Hat

Rocky Linux 9 RLSA-2023:2074 Important Emacs Fix for Command Injection

Important: emacs security update.

{
  "type": "TYPE_SECURITY",
  "shortCode": "RL",
  "name": "RLSA-2023:2074",
  "synopsis": "Important: emacs security update",
  "severity": "SEVERITY_IMPORTANT",
  "topic": "An update is available for emacs.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list",
  "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: command injection vulnerability in org-mode (CVE-2023-28617)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "solution": null,
  "affectedProducts": ["Rocky Linux 9"],
  "fixes": [{"ticket": "2180544", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2180544", "description": ""}],
  "cves": [{"name": "CVE-2023-28617", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28617", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}],
  "references": [],
  "publishedAt": "2023-05-05T15:41:01.523985Z",
  "rpms": {"Rocky Linux 9": {"nvras": [
    "emacs-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-1:27.2-6.el9_1.1.src.rpm",
    "emacs-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-common-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-common-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-common-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-common-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-common-debuginfo-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-common-debuginfo-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-common-debuginfo-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-common-debuginfo-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-debuginfo-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-debuginfo-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-debuginfo-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-debuginfo-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-debugsource-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-debugsource-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-debugsource-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-debugsource-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-filesystem-1:27.2-6.el9_1.1.noarch.rpm",
    "emacs-lucid-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-lucid-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-lucid-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-lucid-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-lucid-debuginfo-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-lucid-debuginfo-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-lucid-debuginfo-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-lucid-debuginfo-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-nox-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-nox-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-nox-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-nox-1:27.2-6.el9_1.1.x86_64.rpm",
    "emacs-nox-debuginfo-1:27.2-6.el9_1.1.aarch64.rpm",
    "emacs-nox-debuginfo-1:27.2-6.el9_1.1.ppc64le.rpm",
    "emacs-nox-debuginfo-1:27.2-6.el9_1.1.s390x.rpm",
    "emacs-nox-debuginfo-1:27.2-6.el9_1.1.x86_64.rpm"
  ]}},
  "rebootSuggested": false,
  "buildReferences": []
}

A significant update for Emacs on Rocky Linux has been released, addressing command injection vulnerabilities and enhancing security measures.

Severity: Important. LinuxSecurity.com Team

May 05, 2023 Important Rocky Linux

Red Hat 8.4 RHSA-2023:1958-01 Important Emacs Command Injection

====================================================================
Red Hat Security Advisory

Synopsis: Important: emacs security update
Advisory ID: RHSA-2023:1958-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1958
Issue date: 2023-04-25
CVE Names: CVE-2023-28617
====================================================================

1. Summary:
An update for emacs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - noarch

3. Description:
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):
* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):
2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:
Red Hat Enterprise Linux AppStream EUS (v.8.4):
aarch64:
emacs-26.1-5.el8_4.1.aarch64.rpm
emacs-common-26.1-5.el8_4.1.aarch64.rpm
emacs-common-debuginfo-26.1-5.el8_4.1.aarch64.rpm
emacs-debuginfo-26.1-5.el8_4.1.aarch64.rpm
emacs-debugsource-26.1-5.el8_4.1.aarch64.rpm
emacs-lucid-26.1-5.el8_4.1.aarch64.rpm
emacs-lucid-debuginfo-26.1-5.el8_4.1.aarch64.rpm
emacs-nox-26.1-5.el8_4.1.aarch64.rpm
emacs-nox-debuginfo-26.1-5.el8_4.1.aarch64.rpm
noarch:
emacs-terminal-26.1-5.el8_4.1.noarch.rpm
ppc64le:
emacs-26.1-5.el8_4.1.ppc64le.rpm
emacs-common-26.1-5.el8_4.1.ppc64le.rpm
emacs-common-debuginfo-26.1-5.el8_4.1.ppc64le.rpm
emacs-debuginfo-26.1-5.el8_4.1.ppc64le.rpm
emacs-debugsource-26.1-5.el8_4.1.ppc64le.rpm
emacs-lucid-26.1-5.el8_4.1.ppc64le.rpm
emacs-lucid-debuginfo-26.1-5.el8_4.1.ppc64le.rpm
emacs-nox-26.1-5.el8_4.1.ppc64le.rpm
emacs-nox-debuginfo-26.1-5.el8_4.1.ppc64le.rpm
s390x:
emacs-26.1-5.el8_4.1.s390x.rpm
emacs-common-26.1-5.el8_4.1.s390x.rpm
emacs-common-debuginfo-26.1-5.el8_4.1.s390x.rpm
emacs-debuginfo-26.1-5.el8_4.1.s390x.rpm
emacs-debugsource-26.1-5.el8_4.1.s390x.rpm
emacs-lucid-26.1-5.el8_4.1.s390x.rpm
emacs-lucid-debuginfo-26.1-5.el8_4.1.s390x.rpm
emacs-nox-26.1-5.el8_4.1.s390x.rpm
emacs-nox-debuginfo-26.1-5.el8_4.1.s390x.rpm
x86_64:
emacs-26.1-5.el8_4.1.x86_64.rpm
emacs-common-26.1-5.el8_4.1.x86_64.rpm
emacs-common-debuginfo-26.1-5.el8_4.1.x86_64.rpm
emacs-debuginfo-26.1-5.el8_4.1.x86_64.rpm
emacs-debugsource-26.1-5.el8_4.1.x86_64.rpm
emacs-lucid-26.1-5.el8_4.1.x86_64.rpm
emacs-lucid-debuginfo-26.1-5.el8_4.1.x86_64.rpm
emacs-nox-26.1-5.el8_4.1.x86_64.rpm
emacs-nox-debuginfo-26.1-5.el8_4.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.4):
Source:
emacs-26.1-5.el8_4.1.src.rpm
noarch:
emacs-filesystem-26.1-5.el8_4.1.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:
https://access.redhat.com/security/cve/CVE-2023-28617
https://access.redhat.com/security/updates/classification#important

8. Contact:
The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Emacs Update for Red Hat 8.4 classified as Critical due to vulnerability in command execution. Implement the most recent security patches immediately.

Severity: Important. LinuxSecurity.com Team

Apr 25, 2023 Important Red Hat

openSUSE Leap 42.3: 2017:2535-1 Important: Emacs Remote Execution

openSUSE Security Update: Security update for emacs
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2535-1
Rating: important
References: #1058425
Cross-References: CVE-2017-14482
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:
This update for emacs fixes one issue.

This security issue was fixed:
- CVE-2017-14482: Remote code execution via mails with "Content-Type: text/enriched" (bsc#1058425)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1078=1
- openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-1078=1
To bring your system up-to-date, use "zypper patch".

Package List:
- openSUSE Leap 42.3 (i586 x86_64):
emacs-24.3-28.1
emacs-debuginfo-24.3-28.1
emacs-debugsource-24.3-28.1
emacs-nox-24.3-28.1
emacs-nox-debuginfo-24.3-28.1
emacs-x11-24.3-28.1
emacs-x11-debuginfo-24.3-28.1
etags-24.3-28.1
etags-debuginfo-24.3-28.1
- openSUSE Leap 42.3 (noarch):
emacs-el-24.3-28.1
emacs-info-24.3-28.1
- openSUSE Leap 42.2 (i586 x86_64):
emacs-24.3-24.6.1
emacs-debuginfo-24.3-24.6.1
emacs-debugsource-24.3-24.6.1
emacs-nox-24.3-24.6.1
emacs-nox-debuginfo-24.3-24.6.1
emacs-x11-24.3-24.6.1
emacs-x11-debuginfo-24.3-24.6.1
etags-24.3-24.6.1
etags-debuginfo-24.3-24.6.1
- openSUSE Leap 42.2 (noarch):
emacs-el-24.3-24.6.1
emacs-info-24.3-24.6.1

References:
https://www.suse.com/security/cve/CVE-2017-14482.html
https://bugzilla.suse.com/1058425

Severity: Important. LinuxSecurity.com Team

Sep 21, 2017 Important OpenSUSE