exploitDog

ELSA-2023-2626

Published: May 17, 2023
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2023-2626: emacs security update (IMPORTANT)

[1:27.2-8.1]

  • Fix etags local command injection vulnerability (#2184369)
  • Fix htmlfontify.el command injection vulnerability (#2184368)
  • Fix ruby-mode.el local command injection vulnerability (#2184367)
  • Fix ob-latex.el command injection vulnerability (#2184377)

[1:27.2-8]

  • Use a 64KB page size for pdump (#1979804)

[1:27.2-7]

  • Fix ctags local command execute vulnerability (#2149387)

Updated packages

Oracle Linux 9

Oracle Linux aarch64

emacs 27.2-8.el9
emacs 27.2-8.el9_2.1
emacs-common 27.2-8.el9
emacs-common 27.2-8.el9_2.1
emacs-filesystem 27.2-8.el9
emacs-filesystem 27.2-8.el9_2.1
emacs-lucid 27.2-8.el9
emacs-lucid 27.2-8.el9_2.1
emacs-nox 27.2-8.el9
emacs-nox 27.2-8.el9_2.1

Oracle Linux x86_64

emacs 27.2-8.el9
emacs 27.2-8.el9_2.1
emacs-common 27.2-8.el9
emacs-common 27.2-8.el9_2.1
emacs-filesystem 27.2-8.el9
emacs-filesystem 27.2-8.el9_2.1
emacs-lucid 27.2-8.el9
emacs-lucid 27.2-8.el9_2.1
emacs-nox 27.2-8.el9
emacs-nox 27.2-8.el9_2.1

Related vulnerabilities

suse-cvrf
more than 2 years ago

Security update for emacs

CVSS3: 9.8
redos
11 months ago

Multiple emacs vulnerabilities

CVSS3: 7.3
ubuntu
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.

CVSS3: 7.3
redhat
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.

CVSS3: 7.3
nvd
more than 2 years ago

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.