RHSA-2023:3042: Red Hat Security Advisory: emacs security and bug fix update
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Issued:
2023-05-16
Updated:
2023-05-16
RHSA-2023:3042 - Security Advisory
Synopsis
Moderate: emacs security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for emacs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: ctags local command execution vulnerability (CVE-2022-45939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 1991156 - Error given on trying to compose outgoing email - suggested fix included
- BZ - 2149380 - CVE-2022-45939 emacs: ctags local command execution vulnerability
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
emacs-26.1-9.el8.src.rpm
x86_64
emacs-26.1-9.el8.x86_64.rpm
emacs-common-26.1-9.el8.x86_64.rpm
emacs-common-debuginfo-26.1-9.el8.x86_64.rpm
emacs-debuginfo-26.1-9.el8.x86_64.rpm
emacs-debugsource-26.1-9.el8.x86_64.rpm
emacs-filesystem-26.1-9.el8.noarch.rpm
emacs-lucid-26.1-9.el8.x86_64.rpm
emacs-lucid-debuginfo-26.1-9.el8.x86_64.rpm
emacs-nox-26.1-9.el8.x86_64.rpm
emacs-nox-debuginfo-26.1-9.el8.x86_64.rpm
emacs-terminal-26.1-9.el8.noarch.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
emacs-26.1-9.el8.src.rpm
s390x
emacs-26.1-9.el8.s390x.rpm
emacs-common-26.1-9.el8.s390x.rpm
emacs-common-debuginfo-26.1-9.el8.s390x.rpm
emacs-debuginfo-26.1-9.el8.s390x.rpm
emacs-debugsource-26.1-9.el8.s390x.rpm
emacs-filesystem-26.1-9.el8.noarch.rpm
emacs-lucid-26.1-9.el8.s390x.rpm
emacs-lucid-debuginfo-26.1-9.el8.s390x.rpm
emacs-nox-26.1-9.el8.s390x.rpm
emacs-nox-debuginfo-26.1-9.el8.s390x.rpm
emacs-terminal-26.1-9.el8.noarch.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
emacs-26.1-9.el8.src.rpm
ppc64le
emacs-26.1-9.el8.ppc64le.rpm
emacs-common-26.1-9.el8.ppc64le.rpm
emacs-common-debuginfo-26.1-9.el8.ppc64le.rpm
emacs-debuginfo-26.1-9.el8.ppc64le.rpm
emacs-debugsource-26.1-9.el8.ppc64le.rpm
emacs-filesystem-26.1-9.el8.noarch.rpm
emacs-lucid-26.1-9.el8.ppc64le.rpm
emacs-lucid-debuginfo-26.1-9.el8.ppc64le.rpm
emacs-nox-26.1-9.el8.ppc64le.rpm
emacs-nox-debuginfo-26.1-9.el8.ppc64le.rpm
emacs-terminal-26.1-9.el8.noarch.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
emacs-26.1-9.el8.src.rpm
aarch64
emacs-26.1-9.el8.aarch64.rpm
emacs-common-26.1-9.el8.aarch64.rpm
emacs-common-debuginfo-26.1-9.el8.aarch64.rpm
emacs-debuginfo-26.1-9.el8.aarch64.rpm
emacs-debugsource-26.1-9.el8.aarch64.rpm
emacs-filesystem-26.1-9.el8.noarch.rpm
emacs-lucid-26.1-9.el8.aarch64.rpm
emacs-lucid-debuginfo-26.1-9.el8.aarch64.rpm
emacs-nox-26.1-9.el8.aarch64.rpm
emacs-nox-debuginfo-26.1-9.el8.aarch64.rpm
emacs-terminal-26.1-9.el8.noarch.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-2366-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-45939: A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.
Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
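The flaw class described above, as an added example (not code from Emacs or from this advisory): a file name pasted unquoted into a command string destined for the C library's system() function, beside the same name quoted as a single POSIX shell word. The `sort` command template, the function names and the file name are assumptions constructed for illustration; the program only builds and inspects the strings and never executes them.

```c
#include <stdio.h>
#include <string.h>

/* Quote `in` as one POSIX sh word ('...'; each embedded ' becomes '\'').
   Returns bytes written, or -1 if `out` is too small. */
int sh_quote(const char *in, char *out, size_t cap) {
    size_t n = 0;
    if (cap < 3) return -1;
    out[n++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (n + need + 2 > cap) return -1;  /* room for closing ' and NUL */
        if (need == 4) memcpy(out + n, "'\\''", 4);
        else out[n] = *in;
        n += need;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical template. quote=0: vulnerable pattern; quote=1: hardened. */
int build_cmd(char *cmd, size_t cap, const char *name, int quote) {
    char q[1024];
    if (quote && sh_quote(name, q, sizeof q) < 0) return -1;
    const char *arg = quote ? q : name;
    int n = snprintf(cmd, cap, "sort -u -o %s %s", arg, arg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Count `meta` characters sh would treat as syntax (outside '...', unescaped). */
int live_meta(const char *cmd, char meta) {
    int in_sq = 0, hits = 0;
    for (; *cmd; cmd++) {
        if (in_sq) in_sq = (*cmd != '\'');
        else if (*cmd == '\'') in_sq = 1;
        else if (*cmd == '\\' && cmd[1]) cmd++;
        else if (*cmd == meta) hits++;
    }
    return hits;
}

int main(void) {
    char cmd[2048];
    for (int q = 0; q < 2; q++) {   /* constructed file name below */
        build_cmd(cmd, sizeof cmd, "tags;echo INJECTED", q);
        printf("quote=%d: %s  (live ';': %d)\n", q, cmd, live_meta(cmd, ';'));
    }
    return 0;
}
```

Quoting only helps if every interpolated name goes through it; passing the name as a separate argv element to an exec-family call avoids the shell parser altogether.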