RHSA-2023:1930: Red Hat Security Advisory: emacs security update

An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Data

Issued: 2023-04-24

Updated: 2023-04-24

RHSA-2023:1930 - Security Advisory

Synopsis

Important: emacs security update

Type/Severity

Security Advisory: Important

Topic

An update for emacs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

  • emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

References

  • https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 8

SRPM

emacs-26.1-7.el8_7.1.src.rpm

SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c

x86_64

emacs-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 65c506ec4498de355eb0ab7c220281369c358d540910f7fb366bfa3e0a9cb5cb

emacs-common-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 72dd2828d7d0003404f342ee12b6fdd48010732054845d337db80c33dbc52cb3

emacs-common-debuginfo-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 178da07bb5fa1139288a7b9a02d11932d8ce84298659d9c829d9ab06d48ec1ea

emacs-debuginfo-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 8dfefe898fc7e68d8462e5cdb70c5219d440426d4c2baf34f85e5ad90a729cb9

emacs-debugsource-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 94720b0afe069de5f4b830f594b2ba8de5af4814e8e1cc7a2aa424573f278c3e

emacs-filesystem-26.1-7.el8_7.1.noarch.rpm

SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31

emacs-lucid-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 47d987ea5ff1bf36f27b1b2ec12bda0e8c5169e0835acb121f0bfa7b0e74805b

emacs-lucid-debuginfo-26.1-7.el8_7.1.x86_64.rpm

SHA-256: b066f87e4cc1fcde8466500b8a7576c6943af5786ce7b057ed6eb5776285cb5a

emacs-nox-26.1-7.el8_7.1.x86_64.rpm

SHA-256: ea6877d3a23afacfb316f1b31699fbb51950dca46ef380f594da9f86ac0e8e9a

emacs-nox-debuginfo-26.1-7.el8_7.1.x86_64.rpm

SHA-256: 18d8f412e5cec5ffcf9bfe6c8d60a5642aea77762d2cb24df7fead89aa8d06fa

emacs-terminal-26.1-7.el8_7.1.noarch.rpm

SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

emacs-26.1-7.el8_7.1.src.rpm

SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c

s390x

emacs-26.1-7.el8_7.1.s390x.rpm

SHA-256: f908d9563444bb723df7707dd77fcbc63637c8d714c7ffa9a6f2d88650e4c7de

emacs-common-26.1-7.el8_7.1.s390x.rpm

SHA-256: 2590438bd54049102aed126294d529fafd30d31a9c6a3d6b4449ce075a179146

emacs-common-debuginfo-26.1-7.el8_7.1.s390x.rpm

SHA-256: a5edb81344d90b2c5fd1a567db446a4c6ce09948ea2f22747d7bea0ecd12d11e

emacs-debuginfo-26.1-7.el8_7.1.s390x.rpm

SHA-256: 600055a28ea1b8f5e338fd72b330d910b7bfee05fc8e06631c7476ddc461f3c8

emacs-debugsource-26.1-7.el8_7.1.s390x.rpm

SHA-256: fc65bf809247a4f26d52fcee81e4d8951ae2dcf1aec38e353285352cd77fb692

emacs-filesystem-26.1-7.el8_7.1.noarch.rpm

SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31

emacs-lucid-26.1-7.el8_7.1.s390x.rpm

SHA-256: 91c6e34b2bc439f9d478b1d708b1d06bdbc098aa3c153fbfda1439952f0abf87

emacs-lucid-debuginfo-26.1-7.el8_7.1.s390x.rpm

SHA-256: 185acb115c459f1846222c66fe1ab0a95df1bd1ca545861dc0e6b0fae7aab2ab

emacs-nox-26.1-7.el8_7.1.s390x.rpm

SHA-256: a02e03b81e59d2d1b9f185c626af801a5bd82925080d8df1fcaea3306b5db5a6

emacs-nox-debuginfo-26.1-7.el8_7.1.s390x.rpm

SHA-256: 8f03af727cea88ac73fe393704bcc094d76a5016adac9b41050076e1b59e823a

emacs-terminal-26.1-7.el8_7.1.noarch.rpm

SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320

Red Hat Enterprise Linux for Power, little endian 8

SRPM

emacs-26.1-7.el8_7.1.src.rpm

SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c

ppc64le

emacs-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 50d1e99bc45ffd744fff7051d7ae307c913963b207d70e59b96354659475328d

emacs-common-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 3a39a587887a6eb8c8a683be06070978fa66a5eedf0c4c7986c31a82ebb2868f

emacs-common-debuginfo-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 90096e1bb33d8555d62984a49a5b98da3721ad68da15eb7787364f39fa97237f

emacs-debuginfo-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 967f30089aa0f1c85b2cd04acda816e969c9be4fc8a507b9ffc100e4918f88a3

emacs-debugsource-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 701e2279f0730734c6b0856aa9be8d337d2bf0180c1b1c0ccb86be8d72f43559

emacs-filesystem-26.1-7.el8_7.1.noarch.rpm

SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31

emacs-lucid-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: bc909cc3bcfa894b0d46bc45e37ec2e4a2392f6c6936e06663f7a7098d43d01b

emacs-lucid-debuginfo-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 916d7f4a016e59db989df50ea240f88b9c7959f473ee0df92abf9b418ddab1ab

emacs-nox-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: feaff1e49391db34d1955617570150d2f57d821a490b498057ac93dca041e005

emacs-nox-debuginfo-26.1-7.el8_7.1.ppc64le.rpm

SHA-256: 5401d06b3487e199e894abce4fc2b034619132e784b30da8617758c114fe42d3

emacs-terminal-26.1-7.el8_7.1.noarch.rpm

SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320

Red Hat Enterprise Linux for ARM 64 8

SRPM

emacs-26.1-7.el8_7.1.src.rpm

SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c

aarch64

emacs-26.1-7.el8_7.1.aarch64.rpm

SHA-256: 2c7efb850b9f3c12d4d6e4778c05624588d8e1779add3fafc4b6461b17e0d80c

emacs-common-26.1-7.el8_7.1.aarch64.rpm

SHA-256: 47bef794d497a86cc48d8cc9cb3566d6d327b07c95fe2142feddd9fe7e533090

emacs-common-debuginfo-26.1-7.el8_7.1.aarch64.rpm

SHA-256: bcc4615fd6f9b338b3c34a51af0f96188c4d150a1692abea32f67ba52bc08023

emacs-debuginfo-26.1-7.el8_7.1.aarch64.rpm

SHA-256: 8c91c37fea94c3d9279a10cee1f7543329e3b9ad01e3ff5c0a4f663b512e5840

emacs-debugsource-26.1-7.el8_7.1.aarch64.rpm

SHA-256: c67ea4f50f1e01a1c8a71bf93e9c1a17324253133dbb0c81a27a6ffa3b36435e

emacs-filesystem-26.1-7.el8_7.1.noarch.rpm

SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31

emacs-lucid-26.1-7.el8_7.1.aarch64.rpm

SHA-256: c2c6a9cf311e6c979c3188817594d9b17dec9d31f4435a63e7241e1a0326a652

emacs-lucid-debuginfo-26.1-7.el8_7.1.aarch64.rpm

SHA-256: 16f351e433b7eed76d994f18ddd4a4ff4c4e52f9c589132be324ff8d503bb3a5

emacs-nox-26.1-7.el8_7.1.aarch64.rpm

SHA-256: d5be49d0dfdd9d4f74d68267a0128e67b11b2e2b467afa333b1cb473486ed6bf

emacs-nox-debuginfo-26.1-7.el8_7.1.aarch64.rpm

SHA-256: ee739b9b60bbee3b4e83f98825a9056bc348996538f706dab221f526cc1b5c41

emacs-terminal-26.1-7.el8_7.1.noarch.rpm

SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320

The Red Hat security team can be contacted at [email protected]. For more contact details, see https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-28617: [PATCH] Fix ob-latex.el command injection vulnerability.

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.