emacs-24.3-23.el7.1

エラータID: AXSA:2023-5879:04

Release date: 
Wednesday, June 7, 2023 - 03:02
Subject: 
emacs-24.3-23.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides
special code editing features, a scripting language (elisp), and the capability
to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command
injection vulnerability. In the hfy-istext-command function, the parameter file
and parameter srcdir come from external input, and parameters are not escaped.
If a file name or directory name contains shell metacharacters, code may be
executed.

Solution: 

Update packages.

CVEs: 
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
Additional Info: 

N/A

Download: 

SRPMS
  1. emacs-24.3-23.el7.1.src.rpm
    MD5: 4ace5abcad82f63c84ff6de70b46ce59
    SHA-256: 03fb7f25580d369014dfbce302755897433df6e53e3c8ea1c533996e83ec06dd
    Size: 34.05 MB

Asianux Server 7 for x86_64
  1. emacs-24.3-23.el7.1.x86_64.rpm
    MD5: ea81351e9487796c1d0fac487fabcded
    SHA-256: d4fede5b5fab0807a222d303900eb5ee2cd6923880255ba2692e29ba961a59ee
    Size: 2.87 MB
  2. emacs-common-24.3-23.el7.1.x86_64.rpm
    MD5: 9e0f945d7d2d1bcfa583a4dd7745554a
    SHA-256: 8cc72a06a3ca6d3edfb53afd17080a74457733ac964195c848466dc9f546fce1
    Size: 20.47 MB
  3. emacs-filesystem-24.3-23.el7.1.noarch.rpm
    MD5: 2fb54ae7e3c6a9c385659a9ed6c6ef50
    SHA-256: 4309d796c18f4564552688c50a0353b8384a859baca59ad11094df71c2717a51
    Size: 57.50 kB
  4. emacs-nox-24.3-23.el7.1.x86_64.rpm
    MD5: bf575afa54299b9db9b9f7cd26af67b7
    SHA-256: 223e903e97323f571dac29437c6e5371a4dc298cd41ea19a4b9ec52e5e645605
    Size: 2.43 MB