Headline
RHSA-2023:1930: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
发布:
2023-04-24
已更新:
2023-04-24
RHSA-2023:1930 - Security Advisory
- 概述
- 更新的软件包
概述
Important: emacs security update
类型/严重性
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
标题
An update for emacs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: command injection vulnerability in org-mode (CVE-2023-28617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
受影响的产品
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
修复
- BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode
参考
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux for x86_64 8
SRPM
emacs-26.1-7.el8_7.1.src.rpm
SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c
x86_64
emacs-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 65c506ec4498de355eb0ab7c220281369c358d540910f7fb366bfa3e0a9cb5cb
emacs-common-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 72dd2828d7d0003404f342ee12b6fdd48010732054845d337db80c33dbc52cb3
emacs-common-debuginfo-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 178da07bb5fa1139288a7b9a02d11932d8ce84298659d9c829d9ab06d48ec1ea
emacs-debuginfo-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 8dfefe898fc7e68d8462e5cdb70c5219d440426d4c2baf34f85e5ad90a729cb9
emacs-debugsource-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 94720b0afe069de5f4b830f594b2ba8de5af4814e8e1cc7a2aa424573f278c3e
emacs-filesystem-26.1-7.el8_7.1.noarch.rpm
SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31
emacs-lucid-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 47d987ea5ff1bf36f27b1b2ec12bda0e8c5169e0835acb121f0bfa7b0e74805b
emacs-lucid-debuginfo-26.1-7.el8_7.1.x86_64.rpm
SHA-256: b066f87e4cc1fcde8466500b8a7576c6943af5786ce7b057ed6eb5776285cb5a
emacs-nox-26.1-7.el8_7.1.x86_64.rpm
SHA-256: ea6877d3a23afacfb316f1b31699fbb51950dca46ef380f594da9f86ac0e8e9a
emacs-nox-debuginfo-26.1-7.el8_7.1.x86_64.rpm
SHA-256: 18d8f412e5cec5ffcf9bfe6c8d60a5642aea77762d2cb24df7fead89aa8d06fa
emacs-terminal-26.1-7.el8_7.1.noarch.rpm
SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
emacs-26.1-7.el8_7.1.src.rpm
SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c
s390x
emacs-26.1-7.el8_7.1.s390x.rpm
SHA-256: f908d9563444bb723df7707dd77fcbc63637c8d714c7ffa9a6f2d88650e4c7de
emacs-common-26.1-7.el8_7.1.s390x.rpm
SHA-256: 2590438bd54049102aed126294d529fafd30d31a9c6a3d6b4449ce075a179146
emacs-common-debuginfo-26.1-7.el8_7.1.s390x.rpm
SHA-256: a5edb81344d90b2c5fd1a567db446a4c6ce09948ea2f22747d7bea0ecd12d11e
emacs-debuginfo-26.1-7.el8_7.1.s390x.rpm
SHA-256: 600055a28ea1b8f5e338fd72b330d910b7bfee05fc8e06631c7476ddc461f3c8
emacs-debugsource-26.1-7.el8_7.1.s390x.rpm
SHA-256: fc65bf809247a4f26d52fcee81e4d8951ae2dcf1aec38e353285352cd77fb692
emacs-filesystem-26.1-7.el8_7.1.noarch.rpm
SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31
emacs-lucid-26.1-7.el8_7.1.s390x.rpm
SHA-256: 91c6e34b2bc439f9d478b1d708b1d06bdbc098aa3c153fbfda1439952f0abf87
emacs-lucid-debuginfo-26.1-7.el8_7.1.s390x.rpm
SHA-256: 185acb115c459f1846222c66fe1ab0a95df1bd1ca545861dc0e6b0fae7aab2ab
emacs-nox-26.1-7.el8_7.1.s390x.rpm
SHA-256: a02e03b81e59d2d1b9f185c626af801a5bd82925080d8df1fcaea3306b5db5a6
emacs-nox-debuginfo-26.1-7.el8_7.1.s390x.rpm
SHA-256: 8f03af727cea88ac73fe393704bcc094d76a5016adac9b41050076e1b59e823a
emacs-terminal-26.1-7.el8_7.1.noarch.rpm
SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320
Red Hat Enterprise Linux for Power, little endian 8
SRPM
emacs-26.1-7.el8_7.1.src.rpm
SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c
ppc64le
emacs-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 50d1e99bc45ffd744fff7051d7ae307c913963b207d70e59b96354659475328d
emacs-common-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 3a39a587887a6eb8c8a683be06070978fa66a5eedf0c4c7986c31a82ebb2868f
emacs-common-debuginfo-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 90096e1bb33d8555d62984a49a5b98da3721ad68da15eb7787364f39fa97237f
emacs-debuginfo-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 967f30089aa0f1c85b2cd04acda816e969c9be4fc8a507b9ffc100e4918f88a3
emacs-debugsource-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 701e2279f0730734c6b0856aa9be8d337d2bf0180c1b1c0ccb86be8d72f43559
emacs-filesystem-26.1-7.el8_7.1.noarch.rpm
SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31
emacs-lucid-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: bc909cc3bcfa894b0d46bc45e37ec2e4a2392f6c6936e06663f7a7098d43d01b
emacs-lucid-debuginfo-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 916d7f4a016e59db989df50ea240f88b9c7959f473ee0df92abf9b418ddab1ab
emacs-nox-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: feaff1e49391db34d1955617570150d2f57d821a490b498057ac93dca041e005
emacs-nox-debuginfo-26.1-7.el8_7.1.ppc64le.rpm
SHA-256: 5401d06b3487e199e894abce4fc2b034619132e784b30da8617758c114fe42d3
emacs-terminal-26.1-7.el8_7.1.noarch.rpm
SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320
Red Hat Enterprise Linux for ARM 64 8
SRPM
emacs-26.1-7.el8_7.1.src.rpm
SHA-256: 1bec1fc12528af6690b18cdd7a37f259ccd43e1ad3c1b75db0de91f9aa53a50c
aarch64
emacs-26.1-7.el8_7.1.aarch64.rpm
SHA-256: 2c7efb850b9f3c12d4d6e4778c05624588d8e1779add3fafc4b6461b17e0d80c
emacs-common-26.1-7.el8_7.1.aarch64.rpm
SHA-256: 47bef794d497a86cc48d8cc9cb3566d6d327b07c95fe2142feddd9fe7e533090
emacs-common-debuginfo-26.1-7.el8_7.1.aarch64.rpm
SHA-256: bcc4615fd6f9b338b3c34a51af0f96188c4d150a1692abea32f67ba52bc08023
emacs-debuginfo-26.1-7.el8_7.1.aarch64.rpm
SHA-256: 8c91c37fea94c3d9279a10cee1f7543329e3b9ad01e3ff5c0a4f663b512e5840
emacs-debugsource-26.1-7.el8_7.1.aarch64.rpm
SHA-256: c67ea4f50f1e01a1c8a71bf93e9c1a17324253133dbb0c81a27a6ffa3b36435e
emacs-filesystem-26.1-7.el8_7.1.noarch.rpm
SHA-256: f4f5747e13541c15b201d0ffbbb626bc860643857e2f3df332bbb07cc28b6c31
emacs-lucid-26.1-7.el8_7.1.aarch64.rpm
SHA-256: c2c6a9cf311e6c979c3188817594d9b17dec9d31f4435a63e7241e1a0326a652
emacs-lucid-debuginfo-26.1-7.el8_7.1.aarch64.rpm
SHA-256: 16f351e433b7eed76d994f18ddd4a4ff4c4e52f9c589132be324ff8d503bb3a5
emacs-nox-26.1-7.el8_7.1.aarch64.rpm
SHA-256: d5be49d0dfdd9d4f74d68267a0128e67b11b2e2b467afa333b1cb473486ed6bf
emacs-nox-debuginfo-26.1-7.el8_7.1.aarch64.rpm
SHA-256: ee739b9b60bbee3b4e83f98825a9056bc348996538f706dab221f526cc1b5c41
emacs-terminal-26.1-7.el8_7.1.noarch.rpm
SHA-256: 7b939694c48bcffaf90b4e6935ed7231ad3481594d0e7db580c02868a1cca320
Red Hat 安全团队联络方式为 [email protected]。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
Related news
Red Hat OpenShift Container Platform release 4.11.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a...
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23539: A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. *...
Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
Red Hat Security Advisory 2023-2074-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-1930-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.