Описание
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Отчет
This issue only affects Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2, which introduced this regression via the following errata: https://access.redhat.com/errata/RHSA-2023:3042 (Red Hat Enterprise Linux 8.8) https://access.redhat.com/errata/RHSA-2023:2366 (Red Hat Enterprise Linux 9.2) These errata provided updates for emacs package, but did not include fixes for CVE-2023-28617. A user who installs or updates to Red Hat Enterprise Linux 8.8 or Red Hat Enterprise Linux 9.2 would be vulnerable to the CVE-2023-28617, even if they were properly fixed in Red Hat Enterprise Linux 8.7 and in Red Hat Enterprise Linux 9.1. The CVE-2023-2491 was assigned to that Red Hat specific security regression and it is not applicable to any upstream emacs version or emacs packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more details about the original security issue CVE-2023-28617, refer to the CVE page: https://access.redhat.com/security/cve/CVE-2023-28617.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | emacs | Not affected | ||
| Red Hat Enterprise Linux 7 | emacs | Not affected | ||
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2023:3104 | 16.05.2023 |
| Red Hat Enterprise Linux 8 | emacs | Fixed | RHSA-2023:3104 | 16.05.2023 |
| Red Hat Enterprise Linux 9 | emacs | Fixed | RHSA-2023:2626 | 09.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
A flaw was found in the Emacs text editor. Processing a specially craf ...
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
EPSS
7.8 High
CVSS3