Описание
Security update for emacs
This update for emacs fixes one issues.
This security issue was fixed:
- CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
emacs-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Desktop 12 SP3
emacs-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server 12 SP2
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server 12 SP3
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server 12-LTSS
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
SUSE OpenStack Cloud 6
emacs-24.3-25.3.1
emacs-el-24.3-25.3.1
emacs-info-24.3-25.3.1
emacs-nox-24.3-25.3.1
emacs-x11-24.3-25.3.1
etags-24.3-25.3.1
Ссылки
- Link for SUSE-SU-2017:2529-1
- E-Mail link for SUSE-SU-2017:2529-1
- SUSE Security Ratings
- SUSE Bug 1058425
- SUSE CVE CVE-2017-14482 page
Описание
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:emacs-24.3-25.3.1
SUSE Linux Enterprise Desktop 12 SP2:emacs-info-24.3-25.3.1
SUSE Linux Enterprise Desktop 12 SP2:emacs-x11-24.3-25.3.1
SUSE Linux Enterprise Desktop 12 SP2:etags-24.3-25.3.1
Ссылки
- CVE-2017-14482
- SUSE Bug 1058425