RHSA-2023:2366: Red Hat Security Advisory: emacs security and bug fix update
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2366 - Security Advisory
Synopsis
Moderate: emacs security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for emacs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: ctags local command execution vulnerability (CVE-2022-45939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 1979804 - emacs: portable dumper incompatible with 64K pages on aarch64
- BZ - 2006856 - RPM inspection failure about hardening binaries
- BZ - 2149380 - CVE-2022-45939 emacs: ctags local command execution vulnerability
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
emacs-27.2-8.el9.src.rpm
x86_64
emacs-27.2-8.el9.x86_64.rpm
emacs-common-27.2-8.el9.x86_64.rpm
emacs-common-debuginfo-27.2-8.el9.x86_64.rpm
emacs-debuginfo-27.2-8.el9.x86_64.rpm
emacs-debugsource-27.2-8.el9.x86_64.rpm
emacs-filesystem-27.2-8.el9.noarch.rpm
emacs-lucid-27.2-8.el9.x86_64.rpm
emacs-lucid-debuginfo-27.2-8.el9.x86_64.rpm
emacs-nox-27.2-8.el9.x86_64.rpm
emacs-nox-debuginfo-27.2-8.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
emacs-27.2-8.el9.src.rpm
s390x
emacs-27.2-8.el9.s390x.rpm
emacs-common-27.2-8.el9.s390x.rpm
emacs-common-debuginfo-27.2-8.el9.s390x.rpm
emacs-debuginfo-27.2-8.el9.s390x.rpm
emacs-debugsource-27.2-8.el9.s390x.rpm
emacs-filesystem-27.2-8.el9.noarch.rpm
emacs-lucid-27.2-8.el9.s390x.rpm
emacs-lucid-debuginfo-27.2-8.el9.s390x.rpm
emacs-nox-27.2-8.el9.s390x.rpm
emacs-nox-debuginfo-27.2-8.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
emacs-27.2-8.el9.src.rpm
ppc64le
emacs-27.2-8.el9.ppc64le.rpm
emacs-common-27.2-8.el9.ppc64le.rpm
emacs-common-debuginfo-27.2-8.el9.ppc64le.rpm
emacs-debuginfo-27.2-8.el9.ppc64le.rpm
emacs-debugsource-27.2-8.el9.ppc64le.rpm
emacs-filesystem-27.2-8.el9.noarch.rpm
emacs-lucid-27.2-8.el9.ppc64le.rpm
emacs-lucid-debuginfo-27.2-8.el9.ppc64le.rpm
emacs-nox-27.2-8.el9.ppc64le.rpm
emacs-nox-debuginfo-27.2-8.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
emacs-27.2-8.el9.src.rpm
aarch64
emacs-27.2-8.el9.aarch64.rpm
emacs-common-27.2-8.el9.aarch64.rpm
emacs-common-debuginfo-27.2-8.el9.aarch64.rpm
emacs-debuginfo-27.2-8.el9.aarch64.rpm
emacs-debugsource-27.2-8.el9.aarch64.rpm
emacs-filesystem-27.2-8.el9.noarch.rpm
emacs-lucid-27.2-8.el9.aarch64.rpm
emacs-lucid-debuginfo-27.2-8.el9.aarch64.rpm
emacs-nox-27.2-8.el9.aarch64.rpm
emacs-nox-debuginfo-27.2-8.el9.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.
Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
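The bug class described above (a file name pasted into a command string for the C library's system()), shown beside a shell-free form, as an added example that is not code from Emacs or from Red Hat. The `sort -u -o` command string, the function names and the sample file name `a;b.c` are assumptions chosen for illustration.

```c
/* Added example: illustrates the bug class; NOT the code from lib-src/etags.c. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* UNSAFE pattern: a file name is pasted into a command line meant for
   system(). The string is only built here, never executed. "sort -u -o"
   is an illustrative command chosen for this example. */
int build_shell_command(char *out, size_t n, const char *file)
{
    return snprintf(out, n, "sort -u -o %s %s", file, file);
}

/* Audit helper: 1 if the name holds a character /bin/sh treats specially. */
int has_shell_metachar(const char *name)
{
    return name[strcspn(name, " \t\n;&|<>()$`\\\"'*?[]{}!#~")] != '\0';
}

/* Hardened pattern: no shell. Each argv element reaches the program as one
   argument, whatever bytes it contains. Returns the exit status, or -1. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *name = "a;b.c";   /* constructed sample file name */
    char cmd[128];
    char *argv[] = { "test", "-n", (char *)name, NULL };
    build_shell_command(cmd, sizeof cmd, name);
    printf("shell would parse: %s\n", cmd);
    printf("metachar: %d, argv exit: %d\n", has_shell_metachar(name), run_argv(argv));
    return 0;
}
```

When file names can begin with `-`, put `--` before them in the argv list for tools that honour that convention, so a name is not read as an option.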