RHSA-2023:3042: Red Hat Security Advisory: emacs security and bug fix update

An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Red Hat Security Data

Issued: 2023-05-16

Updated: 2023-05-16

RHSA-2023:3042 - Security Advisory

Synopsis

Moderate: emacs security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for emacs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

  • emacs: ctags local command execution vulnerability (CVE-2022-45939)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 1991156 - Error given on trying to compose outgoing email - suggested fix included
  • BZ - 2149380 - CVE-2022-45939 emacs: ctags local command execution vulnerability

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Red Hat Enterprise Linux for x86_64 8

SRPM: emacs-26.1-9.el8.src.rpm

x86_64:

  • emacs-26.1-9.el8.x86_64.rpm
  • emacs-common-26.1-9.el8.x86_64.rpm
  • emacs-common-debuginfo-26.1-9.el8.x86_64.rpm
  • emacs-debuginfo-26.1-9.el8.x86_64.rpm
  • emacs-debugsource-26.1-9.el8.x86_64.rpm
  • emacs-filesystem-26.1-9.el8.noarch.rpm
  • emacs-lucid-26.1-9.el8.x86_64.rpm
  • emacs-lucid-debuginfo-26.1-9.el8.x86_64.rpm
  • emacs-nox-26.1-9.el8.x86_64.rpm
  • emacs-nox-debuginfo-26.1-9.el8.x86_64.rpm
  • emacs-terminal-26.1-9.el8.noarch.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM: emacs-26.1-9.el8.src.rpm

s390x:

  • emacs-26.1-9.el8.s390x.rpm
  • emacs-common-26.1-9.el8.s390x.rpm
  • emacs-common-debuginfo-26.1-9.el8.s390x.rpm
  • emacs-debuginfo-26.1-9.el8.s390x.rpm
  • emacs-debugsource-26.1-9.el8.s390x.rpm
  • emacs-filesystem-26.1-9.el8.noarch.rpm
  • emacs-lucid-26.1-9.el8.s390x.rpm
  • emacs-lucid-debuginfo-26.1-9.el8.s390x.rpm
  • emacs-nox-26.1-9.el8.s390x.rpm
  • emacs-nox-debuginfo-26.1-9.el8.s390x.rpm
  • emacs-terminal-26.1-9.el8.noarch.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM: emacs-26.1-9.el8.src.rpm

ppc64le:

  • emacs-26.1-9.el8.ppc64le.rpm
  • emacs-common-26.1-9.el8.ppc64le.rpm
  • emacs-common-debuginfo-26.1-9.el8.ppc64le.rpm
  • emacs-debuginfo-26.1-9.el8.ppc64le.rpm
  • emacs-debugsource-26.1-9.el8.ppc64le.rpm
  • emacs-filesystem-26.1-9.el8.noarch.rpm
  • emacs-lucid-26.1-9.el8.ppc64le.rpm
  • emacs-lucid-debuginfo-26.1-9.el8.ppc64le.rpm
  • emacs-nox-26.1-9.el8.ppc64le.rpm
  • emacs-nox-debuginfo-26.1-9.el8.ppc64le.rpm
  • emacs-terminal-26.1-9.el8.noarch.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM: emacs-26.1-9.el8.src.rpm

aarch64:

  • emacs-26.1-9.el8.aarch64.rpm
  • emacs-common-26.1-9.el8.aarch64.rpm
  • emacs-common-debuginfo-26.1-9.el8.aarch64.rpm
  • emacs-debuginfo-26.1-9.el8.aarch64.rpm
  • emacs-debugsource-26.1-9.el8.aarch64.rpm
  • emacs-filesystem-26.1-9.el8.noarch.rpm
  • emacs-lucid-26.1-9.el8.aarch64.rpm
  • emacs-lucid-debuginfo-26.1-9.el8.aarch64.rpm
  • emacs-nox-26.1-9.el8.aarch64.rpm
  • emacs-nox-debuginfo-26.1-9.el8.aarch64.rpm
  • emacs-terminal-26.1-9.el8.noarch.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Ubuntu Security Notice USN-7027-1

Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Red Hat Security Advisory 2023-2366-01

Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.

RHSA-2023:2366: Red Hat Security Advisory: emacs security and bug fix update

An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.

Debian Security Advisory 5314-1

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
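
A pre-flight check for the scenario in the CVE description above, as an added example that is not part of the advisory or of Emacs: it walks a source tree and lists every file or directory name containing characters outside a conservative allowlist, so those names can be reviewed before `ctags *` is run on a system that has not yet received the update. The allowlist, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: a conservative allowlist of characters that no POSIX shell
# treats specially. Any name containing anything else is reported.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.+-]+")

# Constructed sample names; none of them come from the advisory.
SAMPLE_FILES = [
    "main.c",
    "etags_notes.txt",
    "two words.c",                    # whitespace splits a shell word
    "report;v2.c",                    # ';' separates shell commands
    os.path.join("lib", "ok.h"),
    os.path.join("lib", "cost$.c"),   # '$' introduces shell expansion
]


def audit_tree(root):
    """Return sorted paths (relative to root) whose name is outside the allowlist."""
    flagged = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            # fullmatch, so a trailing newline in a name cannot slip past '$'
            if not SAFE_NAME.fullmatch(name):
                full = os.path.join(dirpath, name)
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)


def make_sample_tree(root):
    """Create the constructed sample files under root."""
    os.makedirs(os.path.join(root, "lib"))
    for rel in SAMPLE_FILES:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("/* constructed sample */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for path in audit_tree(tmp):
            print("review before indexing:", repr(path))
```
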