Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:4305-1

Опубликовано: 01 дек. 2022
Источник: suse-cvrf

Описание

Security update for emacs

This update for emacs fixes the following issues:

  • CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP3-BCL
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP4-LTSS
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP5
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE OpenStack Cloud 9
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1
SUSE OpenStack Cloud Crowbar 9
emacs-24.3-25.9.1
emacs-el-24.3-25.9.1
emacs-info-24.3-25.9.1
emacs-nox-24.3-25.9.1
emacs-x11-24.3-25.9.1
etags-24.3-25.9.1

Ссылки

Описание

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:emacs-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP2-BCL:emacs-el-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP2-BCL:emacs-info-24.3-25.9.1
SUSE Linux Enterprise Server 12 SP2-BCL:emacs-nox-24.3-25.9.1
Ссылки
Уязвимость SUSE-SU-2022:4305-1