Описание
Security update for emacs
This update for emacs fixes the following issues:
- CVE-2024-30203: Fixed denial of service via MIME contents (bsc#1222053).
- CVE-2024-30204: Fixed denial of service via LaTeX preview in e-mail attachments (bsc#1222052).
- CVE-2024-30204: Fixed Org mode considers contents of remote files to be trusted (bsc#1222050).
- CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode (bsc#1226957).
Список пакетов
SUSE Enterprise Storage 7.1
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise Server 15 SP2-LTSS
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise Server 15 SP3-LTSS
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
emacs-25.3-150000.3.22.1
emacs-el-25.3-150000.3.22.1
emacs-info-25.3-150000.3.22.1
emacs-nox-25.3-150000.3.22.1
emacs-x11-25.3-150000.3.22.1
etags-25.3-150000.3.22.1
Ссылки
- Link for SUSE-SU-2024:2297-1
- E-Mail link for SUSE-SU-2024:2297-1
- SUSE Security Ratings
- SUSE Bug 1222050
- SUSE Bug 1222052
- SUSE Bug 1222053
- SUSE Bug 1226957
- SUSE CVE CVE-2024-30203 page
- SUSE CVE CVE-2024-30204 page
- SUSE CVE CVE-2024-30205 page
- SUSE CVE CVE-2024-39331 page
Описание
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.22.1
Ссылки
- CVE-2024-30203
- SUSE Bug 1222053
Описание
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.22.1
Ссылки
- CVE-2024-30204
- SUSE Bug 1222052
Описание
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.22.1
Ссылки
- CVE-2024-30205
- SUSE Bug 1222050
Описание
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
Затронутые продукты
SUSE Enterprise Storage 7.1:emacs-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-el-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-info-25.3-150000.3.22.1
SUSE Enterprise Storage 7.1:emacs-nox-25.3-150000.3.22.1
Ссылки
- CVE-2024-39331
- SUSE Bug 1226957