
openSUSE-SU-2017:2535-1

Published: 20 Sep 2017
Source: suse-cvrf

Description

Security update for emacs

This update for emacs fixes one issue.

This security issue was fixed:

  • CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.2
emacs-24.3-28.1
emacs-el-24.3-28.1
emacs-info-24.3-28.1
emacs-nox-24.3-28.1
emacs-x11-24.3-28.1
etags-24.3-28.1
openSUSE Leap 42.3
emacs-24.3-28.1
emacs-el-24.3-28.1
emacs-info-24.3-28.1
emacs-nox-24.3-28.1
emacs-x11-24.3-28.1
etags-24.3-28.1

Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).


Affected products
openSUSE Leap 42.2:emacs-24.3-28.1
openSUSE Leap 42.2:emacs-el-24.3-28.1
openSUSE Leap 42.2:emacs-info-24.3-28.1
openSUSE Leap 42.2:emacs-nox-24.3-28.1

References
Vulnerability openSUSE-SU-2017:2535-1