RHSA-2023:2366: Red Hat Security Advisory: emacs security and bug fix update

An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Red Hat Security Data
Issued:

2023-05-09

Updated:

2023-05-09

RHSA-2023:2366 - Security Advisory

Synopsis

Moderate: emacs security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for emacs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

  • emacs: ctags local command execution vulnerability (CVE-2022-45939)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 1979804 - emacs: portable dumper incompatible with 64K pages on aarch64
  • BZ - 2006856 - RPM inspection failure about hardening binaries
  • BZ - 2149380 - CVE-2022-45939 emacs: ctags local command execution vulnerability

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

emacs-27.2-8.el9.src.rpm

x86_64

emacs-27.2-8.el9.x86_64.rpm

emacs-common-27.2-8.el9.x86_64.rpm

emacs-common-debuginfo-27.2-8.el9.x86_64.rpm

emacs-debuginfo-27.2-8.el9.x86_64.rpm

emacs-debugsource-27.2-8.el9.x86_64.rpm

emacs-filesystem-27.2-8.el9.noarch.rpm

emacs-lucid-27.2-8.el9.x86_64.rpm

emacs-lucid-debuginfo-27.2-8.el9.x86_64.rpm

emacs-nox-27.2-8.el9.x86_64.rpm

emacs-nox-debuginfo-27.2-8.el9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

emacs-27.2-8.el9.src.rpm

s390x

emacs-27.2-8.el9.s390x.rpm

emacs-common-27.2-8.el9.s390x.rpm

emacs-common-debuginfo-27.2-8.el9.s390x.rpm

emacs-debuginfo-27.2-8.el9.s390x.rpm

emacs-debugsource-27.2-8.el9.s390x.rpm

emacs-filesystem-27.2-8.el9.noarch.rpm

emacs-lucid-27.2-8.el9.s390x.rpm

emacs-lucid-debuginfo-27.2-8.el9.s390x.rpm

emacs-nox-27.2-8.el9.s390x.rpm

emacs-nox-debuginfo-27.2-8.el9.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

emacs-27.2-8.el9.src.rpm

ppc64le

emacs-27.2-8.el9.ppc64le.rpm

emacs-common-27.2-8.el9.ppc64le.rpm

emacs-common-debuginfo-27.2-8.el9.ppc64le.rpm

emacs-debuginfo-27.2-8.el9.ppc64le.rpm

emacs-debugsource-27.2-8.el9.ppc64le.rpm

emacs-filesystem-27.2-8.el9.noarch.rpm

emacs-lucid-27.2-8.el9.ppc64le.rpm

emacs-lucid-debuginfo-27.2-8.el9.ppc64le.rpm

emacs-nox-27.2-8.el9.ppc64le.rpm

emacs-nox-debuginfo-27.2-8.el9.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

emacs-27.2-8.el9.src.rpm

aarch64

emacs-27.2-8.el9.aarch64.rpm

emacs-common-27.2-8.el9.aarch64.rpm

emacs-common-debuginfo-27.2-8.el9.aarch64.rpm

emacs-debuginfo-27.2-8.el9.aarch64.rpm

emacs-debugsource-27.2-8.el9.aarch64.rpm

emacs-filesystem-27.2-8.el9.noarch.rpm

emacs-lucid-27.2-8.el9.aarch64.rpm

emacs-lucid-debuginfo-27.2-8.el9.aarch64.rpm

emacs-nox-27.2-8.el9.aarch64.rpm

emacs-nox-debuginfo-27.2-8.el9.aarch64.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-7027-1

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

RHSA-2023:3042: Red Hat Security Advisory: emacs security and bug fix update

An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.

Red Hat Security Advisory 2023-2366-01

Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.

Debian Security Advisory 5314-1

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
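
The bug class described above, as an added C example (not code from lib-src/etags.c and not the upstream fix): a file name formatted into a shell command line, beside a variant that passes the name as a single argv element so no shell parses it. The function names and the `sort -u -o` command are constructed stand-ins chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if NAME contains a byte that a POSIX shell treats specially.
   Useful as an audit check on directories fed to tools that shell out. */
int has_shell_meta(const char *name)
{
    return name[strcspn(name, " \t\n\"'`$&|;<>()*?[]{}\\!#~")] != '\0';
}

/* Risky pattern: the file name becomes part of a command line that a
   caller would hand to system(). This only formats the string so the
   result can be inspected; it never executes it. */
int format_shell_command(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "sort -u -o %s %s", name, name);
}

/* Safer pattern: fork/exec with NAME as one argv element. No shell is
   involved, so metacharacters in NAME are just bytes of a file name.
   "--" keeps a leading '-' in NAME from being read as an option. */
int sort_file_noshell(const char *name)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("sort", "sort", "-u", "-o", name, "--", name, (char *)NULL);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```
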