RHSA-2023:1915: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Issued: 2023-04-20
Updated: 2023-04-20
RHSA-2023:1915 - Security Advisory
Synopsis
Important: emacs security update
Type/Severity
Security Advisory: Important
Topic
An update for emacs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: command injection vulnerability in org-mode (CVE-2023-28617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
emacs-26.1-5.el8_2.1.src.rpm
x86_64
emacs-26.1-5.el8_2.1.x86_64.rpm
emacs-common-26.1-5.el8_2.1.x86_64.rpm
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-terminal-26.1-5.el8_2.1.noarch.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
emacs-26.1-5.el8_2.1.src.rpm
x86_64
emacs-26.1-5.el8_2.1.x86_64.rpm
emacs-common-26.1-5.el8_2.1.x86_64.rpm
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-terminal-26.1-5.el8_2.1.noarch.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
emacs-26.1-5.el8_2.1.src.rpm
ppc64le
emacs-26.1-5.el8_2.1.ppc64le.rpm
emacs-common-26.1-5.el8_2.1.ppc64le.rpm
emacs-common-debuginfo-26.1-5.el8_2.1.ppc64le.rpm
emacs-debuginfo-26.1-5.el8_2.1.ppc64le.rpm
emacs-debugsource-26.1-5.el8_2.1.ppc64le.rpm
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm
emacs-lucid-26.1-5.el8_2.1.ppc64le.rpm
emacs-lucid-debuginfo-26.1-5.el8_2.1.ppc64le.rpm
emacs-nox-26.1-5.el8_2.1.ppc64le.rpm
emacs-nox-debuginfo-26.1-5.el8_2.1.ppc64le.rpm
emacs-terminal-26.1-5.el8_2.1.noarch.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
emacs-26.1-5.el8_2.1.src.rpm
x86_64
emacs-26.1-5.el8_2.1.x86_64.rpm
emacs-common-26.1-5.el8_2.1.x86_64.rpm
emacs-common-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-debugsource-26.1-5.el8_2.1.x86_64.rpm
emacs-filesystem-26.1-5.el8_2.1.noarch.rpm
emacs-lucid-26.1-5.el8_2.1.x86_64.rpm
emacs-lucid-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-26.1-5.el8_2.1.x86_64.rpm
emacs-nox-debuginfo-26.1-5.el8_2.1.x86_64.rpm
emacs-terminal-26.1-5.el8_2.1.noarch.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 7027-1 - It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-41854: Those using Sn...
Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 9.2.
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-48337: A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. * CVE-2022-48338: A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection. * CVE-2022-48339: A flaw was found in the Emacs package. If a file name or direc...
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
Red Hat Security Advisory 2023-2074-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-1930-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.