Описание
Security update for emacs
This update for emacs fixes the following issues:
- CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Linux Enterprise Module for Basesystem 15 SP5
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Linux Enterprise Module for Basesystem 15 SP6
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
emacs-x11-27.2-150400.3.20.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
emacs-x11-27.2-150400.3.20.2
SUSE Linux Enterprise Server 15 SP4-LTSS
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Manager Proxy 4.3
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
SUSE Manager Server 4.3
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
openSUSE Leap 15.5
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
openSUSE Leap 15.6
emacs-27.2-150400.3.20.2
emacs-el-27.2-150400.3.20.2
emacs-info-27.2-150400.3.20.2
emacs-nox-27.2-150400.3.20.2
emacs-x11-27.2-150400.3.20.2
etags-27.2-150400.3.20.2
Ссылки
- Link for SUSE-SU-2024:4392-1
- E-Mail link for SUSE-SU-2024:4392-1
- SUSE Security Ratings
- SUSE Bug 1233894
- SUSE CVE CVE-2024-53920 page
Описание
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:emacs-27.2-150400.3.20.2
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:emacs-el-27.2-150400.3.20.2
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:emacs-info-27.2-150400.3.20.2
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:emacs-nox-27.2-150400.3.20.2
Ссылки
- CVE-2024-53920
- SUSE Bug 1233894