Headline
RHSA-2023:2074: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-02
Updated:
2023-05-02
RHSA-2023:2074 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: emacs security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for emacs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: command injection vulnerability in org-mode (CVE-2023-28617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode
Red Hat Enterprise Linux for x86_64 9
SRPM
emacs-27.2-6.el9_1.1.src.rpm
SHA-256: 5b7dd30ac5b43bbaef9c257b2e60b452cf520a0adff49a36e001b939f4def4ae
x86_64
emacs-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 195ce56997d3a250b6abba3af907c1f46e58da9b25bc376bc0707aa3d6608be0
emacs-common-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 87d5ca44c9d91ecc2655b09ee54c173f2b710782e1c15f467603bf93fa308aba
emacs-common-debuginfo-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 157a89451e48068194a9ae36f57c4c0356bb7858fe8ad0b105e31c226f71f25e
emacs-debuginfo-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 9f0d22e1cb4f92ff55a3a221900a4d7333d66628ccce21b59e2ed5948092aafd
emacs-debugsource-27.2-6.el9_1.1.x86_64.rpm
SHA-256: c09138b7823bde75e42c16368024902909b798be1e6dd5250e93569eeadfc08d
emacs-filesystem-27.2-6.el9_1.1.noarch.rpm
SHA-256: 8cf42ab253bb55e28ed82eb966c7726e62bec0010ab7296ca49910645808e5e8
emacs-lucid-27.2-6.el9_1.1.x86_64.rpm
SHA-256: ca90b3e04ac1ec08098bdc87568a2f8a47cb74a72c3daf7e602c5a964792a363
emacs-lucid-debuginfo-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 97a0406a1422ab31f1641bea8717fa6692292343a51addd4557712bcc8c780c0
emacs-nox-27.2-6.el9_1.1.x86_64.rpm
SHA-256: bb4f426f6bc3bb559221a732bf25a06938723b3b92c6c14fe8faaf83182cda45
emacs-nox-debuginfo-27.2-6.el9_1.1.x86_64.rpm
SHA-256: 4e065866c50a45a6297fa3ae59be04a24865f1214f0d3ec10734ee9b941009f4
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
emacs-27.2-6.el9_1.1.src.rpm
SHA-256: 5b7dd30ac5b43bbaef9c257b2e60b452cf520a0adff49a36e001b939f4def4ae
s390x
emacs-27.2-6.el9_1.1.s390x.rpm
SHA-256: 39e5a42487249bff7c75606ed24620352286f4b56bc068cf92a85e8286e998ab
emacs-common-27.2-6.el9_1.1.s390x.rpm
SHA-256: d62474d138e6db6fd6a17e8ac8f9aad521a2d9441651b6d8f1906bf23f8242a9
emacs-common-debuginfo-27.2-6.el9_1.1.s390x.rpm
SHA-256: 8414a6395b11ff890493731a10d8fdc5dc8cb207498eeddbaa2033640c50c07c
emacs-debuginfo-27.2-6.el9_1.1.s390x.rpm
SHA-256: 8525a08b30075bad8588f3b392437876681572bf02e3e7eeb7d7901b6e7c6e1a
emacs-debugsource-27.2-6.el9_1.1.s390x.rpm
SHA-256: a4f45e82a41f1b10fb68337d57466ecb1ca47fd174eca2d67289945c00a762de
emacs-filesystem-27.2-6.el9_1.1.noarch.rpm
SHA-256: 8cf42ab253bb55e28ed82eb966c7726e62bec0010ab7296ca49910645808e5e8
emacs-lucid-27.2-6.el9_1.1.s390x.rpm
SHA-256: 4f90ede55bc1761b3847603a68c1bc254f2d9dc3742ef3c3c7c44131c45a748d
emacs-lucid-debuginfo-27.2-6.el9_1.1.s390x.rpm
SHA-256: c2a0ca075a85bacb5b234cf164f000d695afea977b164c8fd60bf9fbfe382728
emacs-nox-27.2-6.el9_1.1.s390x.rpm
SHA-256: 4b961299fbef1ea50c1b7e6b92b035a25294101f069b11c2e0ae2e33492bdfe9
emacs-nox-debuginfo-27.2-6.el9_1.1.s390x.rpm
SHA-256: 650b3c227421bb765713507754a15be55ac12ee64bc58d239e475c4840f8d49a
Red Hat Enterprise Linux for Power, little endian 9
SRPM
emacs-27.2-6.el9_1.1.src.rpm
SHA-256: 5b7dd30ac5b43bbaef9c257b2e60b452cf520a0adff49a36e001b939f4def4ae
ppc64le
emacs-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: 2651ca0da2c3cc1470cf26f1bf1318814c13a70345ef5878462d3e346973f982
emacs-common-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: 023ad3816b04ad39805f4c061c7eaeaac8b9fb9dc9a73a7ce90ee3232b9c1849
emacs-common-debuginfo-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: 8c6602ebf7dcc60397d9fe02c5055969c7d826c7d89c2d982cfdca0c6866da21
emacs-debuginfo-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: 3ef63d81be638896e822233888e21d20ecb25b170ab51edd7867fd7497e81ecd
emacs-debugsource-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: bf62b800acd34bdd03d9ea260cbb8e675da66e609c48c2ec8b2cd6909f525522
emacs-filesystem-27.2-6.el9_1.1.noarch.rpm
SHA-256: 8cf42ab253bb55e28ed82eb966c7726e62bec0010ab7296ca49910645808e5e8
emacs-lucid-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: d354b5385c6b84f380a7b8069aecec06dfb2fe4d24dff80817b95b8b37ae6347
emacs-lucid-debuginfo-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: ae7e4ca776519b1167217dce419957ff978ed051ced863b10046ca8bc7e1636e
emacs-nox-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: 1b7e5fe8037f022535977413ca20f0c6fbd7c2d7b38ccfbedb99e8d4ea0f4966
emacs-nox-debuginfo-27.2-6.el9_1.1.ppc64le.rpm
SHA-256: ef32d487600d255c98e9917b751b9264fac20c8f545541ebd42f12e1f98bffea
Red Hat Enterprise Linux for ARM 64 9
SRPM
emacs-27.2-6.el9_1.1.src.rpm
SHA-256: 5b7dd30ac5b43bbaef9c257b2e60b452cf520a0adff49a36e001b939f4def4ae
aarch64
emacs-27.2-6.el9_1.1.aarch64.rpm
SHA-256: ea2a0522150287eec22cb252ecd1652cf27dc929c117b80933425d36b55a588b
emacs-common-27.2-6.el9_1.1.aarch64.rpm
SHA-256: fbd0a67b10a7df1ada5ff7ec784cc550234977a3dc5fbafe73bc4130ea8565a3
emacs-common-debuginfo-27.2-6.el9_1.1.aarch64.rpm
SHA-256: b573b68a1dab8b3bb927942ebe41972fe29931ef46fd406653b17e8b52f8066c
emacs-debuginfo-27.2-6.el9_1.1.aarch64.rpm
SHA-256: 45bc435656775b2cd3309bfd1ec4da69e234836b75158e739f53c29761974add
emacs-debugsource-27.2-6.el9_1.1.aarch64.rpm
SHA-256: 06f8eca9766b4f27e1f545d730a6d28f72d2552d891b4f23368a6670d53463e4
emacs-filesystem-27.2-6.el9_1.1.noarch.rpm
SHA-256: 8cf42ab253bb55e28ed82eb966c7726e62bec0010ab7296ca49910645808e5e8
emacs-lucid-27.2-6.el9_1.1.aarch64.rpm
SHA-256: 3d4a6b54483faa0a73cedb53a4341cd78524054a71e1a66d5739500c0ea59b43
emacs-lucid-debuginfo-27.2-6.el9_1.1.aarch64.rpm
SHA-256: 53a8b813f809571b2cf212b5db412a989814bee191807f809b4f065553d2ae19
emacs-nox-27.2-6.el9_1.1.aarch64.rpm
SHA-256: 2cec31948b4f4b5e5c2929d7041e381823793d3b5b9f6c8020342ed4b5868207
emacs-nox-debuginfo-27.2-6.el9_1.1.aarch64.rpm
SHA-256: a99279dcd524221f2c69d134d29b015060f8e08421f2e1f1470117f24cf042a1
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23539: A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. *...
Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 9.2.
Red Hat OpenShift Container Platform release 4.12.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-48337: A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. * CVE-2022-48338: A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection. * CVE-2022-48339: A flaw was found in the Emacs package. If a file name or direc...
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
Red Hat Security Advisory 2023-2074-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1930-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.