Headline
RHSA-2023:3189: Red Hat Security Advisory: emacs security update
An update for emacs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-17
Updated:
2023-05-17
RHSA-2023:3189 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: emacs security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for emacs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
- emacs: command injection vulnerability in org-mode (CVE-2023-28617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
emacs-26.1-5.el8_1.1.src.rpm
SHA-256: c7aca01073162fbeb856ba27b017f128f71388dcedb8228df46a2a87e29fde5e
ppc64le
emacs-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: bfc747956f439b53b6c2e3cced93e873d258fee5fc7afeec7853ea73676e568c
emacs-common-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 570b227e07d1e3209ae135916ac85349c5ba1729304f782d81d9dba79aed64ba
emacs-common-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 0ee756fa8dcf67b96660c0206da725485204b7cb93cc2ed0f5767a3c26083f4b
emacs-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 13f98534d5c5ad1a482af1c3560efdc06e7213ebc39030feeb5cab308b1e8dbc
emacs-debugsource-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 09ba637acd7ec84ed0208fecb42216a2d23cab350cbaf4a1f7ad145480c58f5d
emacs-filesystem-26.1-5.el8_1.1.noarch.rpm
SHA-256: 7d9f909ab595280bc1a5812daaa358730fce549b7a859c85d37effbaaf232e5d
emacs-lucid-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 1fcdbcaa3501ddc43f62b96dff360603164f3642330a46f171adbd626d859e2a
emacs-lucid-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 954c515531e7f2c309bb8421669762df995491688c22f85053da4f3081476e22
emacs-nox-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: dfcc9189d27c1701b11b7a33e2dd100f00c1ba812b5567d3804f202baf771ea5
emacs-nox-debuginfo-26.1-5.el8_1.1.ppc64le.rpm
SHA-256: 72ec5262d8a696a881322838e794521518e92429732f68a938be9dd05a00c2fc
emacs-terminal-26.1-5.el8_1.1.noarch.rpm
SHA-256: 818b516f34fffa5e4b28aeee2385930781e520b2b57e8e7317108e715ec375fb
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
emacs-26.1-5.el8_1.1.src.rpm
SHA-256: c7aca01073162fbeb856ba27b017f128f71388dcedb8228df46a2a87e29fde5e
x86_64
emacs-26.1-5.el8_1.1.x86_64.rpm
SHA-256: c7864cc5b0ec315fcab4e174635fe90ddf590a59bd80324fc3cf1219bf7b0f37
emacs-common-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 0facdbc3314266bd5b1b49bce80fe9eb25a5e73f0c3438e9a38b444d210615ed
emacs-common-debuginfo-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 1ab98d3197410ed979b3c841263969fc62ec6b6dd0f5992f94fc41aaaa601619
emacs-debuginfo-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 32ea77b974ccce8e06ff75aa0c936faa6be8b7305b6e4582cf49297807c984e4
emacs-debugsource-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 6e6eaa4b02c10bf6917990fa1ebf62e4f17b1a5ca553098487effbef11611661
emacs-filesystem-26.1-5.el8_1.1.noarch.rpm
SHA-256: 7d9f909ab595280bc1a5812daaa358730fce549b7a859c85d37effbaaf232e5d
emacs-lucid-26.1-5.el8_1.1.x86_64.rpm
SHA-256: ad169c6a678cc49c398c40dd17600025a0b2608b761756a46c3552b832e73fb3
emacs-lucid-debuginfo-26.1-5.el8_1.1.x86_64.rpm
SHA-256: f0109c7518141179352b7e67e78b5d0426fa3f72d9d145ea3a1c20affdf9deb6
emacs-nox-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 95b8d2f1f3f9d5ae2447650de0fb68b66cc27354f0664a9cf69f632d0021609c
emacs-nox-debuginfo-26.1-5.el8_1.1.x86_64.rpm
SHA-256: 7e6a85695e8c9731a49f5b3c6b91866ed82cd910db794d8bff0d194fc0b6d616
emacs-terminal-26.1-5.el8_1.1.noarch.rpm
SHA-256: 818b516f34fffa5e4b28aeee2385930781e520b2b57e8e7317108e715ec375fb
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-3309-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.42. Issues addressed include a denial of service vulnerability.
An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-41854: Those using Sn...
Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2491: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 9.2.
Red Hat OpenShift Container Platform release 4.12.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
Red Hat Security Advisory 2023-2626-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-48337: A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. * CVE-2022-48338: A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection. * CVE-2022-48339: A flaw was found in the Emacs package. If a file name or direc...
Red Hat Security Advisory 2023-2074-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-28617: A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.
Red Hat Security Advisory 2023-1958-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-1915-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.
Ubuntu Security Notice 6003-1 - Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands.
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.