SUSE-SU-2017:2532-1

Published: 20 Sep 2017
Source: suse-cvrf

Description

Security update for emacs

This update for emacs fixes one issue.

This security issue was fixed:

  • CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
emacs-22.3-42.3.1
emacs-el-22.3-42.3.1
emacs-info-22.3-42.3.1
emacs-nox-22.3-42.3.1
emacs-x11-22.3-42.3.1
SUSE Linux Enterprise Server 11 SP3-LTSS
emacs-22.3-42.3.1
emacs-el-22.3-42.3.1
emacs-info-22.3-42.3.1
emacs-nox-22.3-42.3.1
emacs-x11-22.3-42.3.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
emacs-22.3-42.3.1
emacs-el-22.3-42.3.1
emacs-info-22.3-42.3.1
emacs-nox-22.3-42.3.1
emacs-x11-22.3-42.3.1
SUSE Linux Enterprise Server 11 SP4
emacs-22.3-42.3.1
emacs-el-22.3-42.3.1
emacs-info-22.3-42.3.1
emacs-nox-22.3-42.3.1
emacs-x11-22.3-42.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
emacs-22.3-42.3.1
emacs-el-22.3-42.3.1
emacs-info-22.3-42.3.1
emacs-nox-22.3-42.3.1
emacs-x11-22.3-42.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
emacs-nox-22.3-42.3.1

Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:emacs-22.3-42.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:emacs-el-22.3-42.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:emacs-info-22.3-42.3.1
SUSE Linux Enterprise Point of Sale 11 SP3:emacs-nox-22.3-42.3.1

References