ELSA-2023-3104

Опубликовано: 25 мая 2023

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2023-3104: emacs security update (IMPORTANT)

[1:26.1-10.2]

Bump release

[1:26.1-10.1]

Bump release

[1:26.1-10]

Fix ob-latex.el command injection vulnerability (#2180586)

[1:26.1-9]

Fix MH-E mail composition with GNU Mailutils (#1991156)

[1:26.1-8]

Fix ctags local command execute vulnerability (#2149386)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

emacs

26.1-10.el8_8.2

emacs-common

26.1-10.el8_8.2

emacs-filesystem

26.1-10.el8_8.2

emacs-lucid

26.1-10.el8_8.2

emacs-nox

26.1-10.el8_8.2

emacs-terminal

26.1-10.el8_8.2

Oracle Linux x86_64

emacs

26.1-10.el8_8.2

emacs-common

26.1-10.el8_8.2

emacs-filesystem

26.1-10.el8_8.2

emacs-lucid

26.1-10.el8_8.2

emacs-nox

26.1-10.el8_8.2

emacs-terminal

26.1-10.el8_8.2

Связанные CVE

CVE-2023-2491

Ссылки на источники

Связанные уязвимости

CVE-2023-2491

CVSS3: 7.8

ubuntu

около 2 лет назад

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.