Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0675-1

Опубликовано: 08 мар. 2023
Источник: suse-cvrf

Описание

Security update for emacs

This update for emacs fixes the following issues:

  • CVE-2022-48337: Fixed etags local command injection vulnerability (bsc#1208515).
  • CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability (bsc#1208512).

Список пакетов

SUSE Enterprise Storage 7
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Real Time 15 SP3
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server 15 SP1-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server 15 SP2-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server 15 SP3-LTSS
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
emacs-x11-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Manager Proxy 4.2
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
etags-25.3-150000.3.15.1
SUSE Manager Server 4.2
emacs-25.3-150000.3.15.1
emacs-el-25.3-150000.3.15.1
emacs-info-25.3-150000.3.15.1
emacs-nox-25.3-150000.3.15.1
etags-25.3-150000.3.15.1

Ссылки

Описание

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.

Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.15.1
Ссылки

Описание

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.15.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.15.1
Ссылки