Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:9448

Опубликовано: 04 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

  • emacs: arbitrary code execution via Lisp macro expansion (CVE-2024-53920)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
emacsx86_6414.el9_6.2emacs-27.2-14.el9_6.2.x86_64.rpm
emacs-commonx86_6414.el9_6.2emacs-common-27.2-14.el9_6.2.x86_64.rpm
emacs-filesystemnoarch14.el9_6.2emacs-filesystem-27.2-14.el9_6.2.noarch.rpm
emacs-filesystemnoarch14.el9_6.2emacs-filesystem-27.2-14.el9_6.2.noarch.rpm
emacs-filesystemnoarch14.el9_6.2emacs-filesystem-27.2-14.el9_6.2.noarch.rpm
emacs-filesystemnoarch14.el9_6.2emacs-filesystem-27.2-14.el9_6.2.noarch.rpm
emacs-lucidx86_6414.el9_6.2emacs-lucid-27.2-14.el9_6.2.x86_64.rpm
emacs-noxx86_6414.el9_6.2emacs-nox-27.2-14.el9_6.2.x86_64.rpm

Показывать по

Связанные CVE

CVE-2024-53920

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-53920

CVSS3: 7.8
ubuntu
около 1 года назад

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

redhat логотип

CVE-2024-53920

CVSS3: 7.8
redhat
около 1 года назад

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

nvd логотип

CVE-2024-53920

CVSS3: 7.8
nvd
около 1 года назад

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)

msrc логотип

CVE-2024-53920

CVSS3: 7.8
msrc
9 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-53920

CVSS3: 7.8
debian
около 1 года назад

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invok ...