emacs-27.2-8.el9.1

Errata ID: AXSA:2023-6067:07

Release date: Friday, June 16, 2023 - 08:57
Subject: emacs-27.2-8.el9.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

* emacs: Regression of the CVE-2023-28617 fix in MIRACLE LINUX (CVE-2023-2491)
* emacs: command execution via shell metacharacters (CVE-2022-48337)
* emacs: local command injection in ruby-mode.el (CVE-2022-48338)
* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system() C library function in its implementation of the etags program. For example, a victim may run "etags -u *" (a command suggested in the etags documentation) in a directory whose contents depend on untrusted input.
CVE-2022-48338
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the file and srcdir parameters come from external input and are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a security regression of the CVE-2023-28617 fix in the emacs package of Red Hat Enterprise Linux 8.8 and 9.2, which MIRACLE LINUX 9 inherited.
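The three CVE-2022-4833x issues above are one bug class: a file name or feature name is spliced into a command string, and the string is handed to /bin/sh (C's system() in etags, shell-command-to-string in ruby-mode.el and htmlfontify.el). The script below is an added example, not code from this advisory or from GNU Emacs: it reproduces the class with a harmless stand-in (wc instead of etags/gem) on a constructed file name, and shows the single-quote escaping that closes it (the shell-side analogue of Emacs's shell-quote-argument). The marker file name and the demo() helper are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory or GNU Emacs): command injection through
# an unquoted file name, and the quoting that prevents it.  Runs offline.
set -u

MARKER="pwned.marker"
# Constructed file name: looks like a C source file, but sh reads the ';' as a
# command separator and the '#' as the start of a comment.
EVIL_NAME="main.c; touch $MARKER; #"

# POSIX single-quote escaping: every ' becomes '\'' and the whole value is
# wrapped in single quotes, so sh treats it as one literal word.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# $1 is "vulnerable" or "safe".  Builds the command line the two ways, runs it
# through sh -c in a scratch directory that contains the oddly named file, and
# prints 1 if the injected 'touch' ran (marker exists) or 0 if it did not.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/$EVIL_NAME"                                   # the file really exists
    case $1 in
        vulnerable) cmd="wc -l $EVIL_NAME" ;;                    # BUG: raw interpolation
        safe)       cmd="wc -l $(shell_quote "$EVIL_NAME")" ;;   # FIX: quoted argument
        *) rm -rf "$tmp"; return 1 ;;
    esac
    (cd "$tmp" && sh -c "$cmd" >/dev/null 2>&1) || :
    if [ -e "$tmp/$MARKER" ]; then echo 1; else echo 0; fi
    rm -rf "$tmp"
}

# The stronger fix is to involve no shell at all: exec the tool directly with
# the name as a single argv element, i.e.  wc -l "$EVIL_NAME"  (in Elisp,
# call-process / process-file with an argument list instead of a string).
main() {
    echo "vulnerable pattern, injection fired: $(demo vulnerable)"
    echo "quoted pattern,     injection fired: $(demo safe)"
}
main
```

Quoting makes the whole name one argument to wc, so the `;` and `#` never reach the shell's parser; the exec-without-shell form removes the parser from the path entirely and is what to prefer when the tool does not need shell features.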

Solution: 

Update packages.
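Two checks a practitioner will want after updating, as an added example that is not part of the advisory: whether the installed package is at or above the fixed VERSION-RELEASE 27.2-8.el9.1 and whether its changelog names the CVEs, and whether a downloaded RPM matches the SHA-256 listed on this page. The hashes in the script are copied from the Download section; the version comparison is a deliberately simplified numeric-segment compare (enough for this package's tags, but use rpmdev-vercmp for general RPM EVRs), and querying emacs-common for the changelog is an assumption that it carries the shared spec changelog.

```shell
#!/bin/sh
# Added example, not part of the advisory: post-update verification helpers.
set -u

FIXED="27.2-8.el9.1"

# Compare two version strings by numeric segments only:
#   27.2-8.el9.1 -> 27 2 8 9 1 ; missing trailing segments count as 0.
# Prints -1, 0 or 1.  Simplified on purpose: it ignores letters, epochs and
# tildes, which rpmvercmp orders.  Use rpmdev-vercmp for arbitrary EVRs.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) { print "-1"; exit }
            if (p > q) { print "1"; exit }
        }
        print "0"
    }'
}

# $1 = installed VERSION-RELEASE; prints yes if it is >= FIXED, else no.
is_fixed() {
    if [ "$(vercmp "$1" "$FIXED")" -ge 0 ]; then echo yes; else echo no; fi
}

# $1 = path to a file, $2 = expected SHA-256.  Returns 0 on match, 1 otherwise.
# sha256sum only proves the download is the file the advisory lists; run
# 'rpm -K file.rpm' as well so the GPG signature is checked before installing.
verify_sha256() {
    printf '%s  %s\n' "$2" "$1" | sha256sum -c >/dev/null 2>&1
}

# Live-system check; meaningful only on an RPM host.  Assumption: emacs-common
# carries the spec changelog, so it is queried regardless of which emacs
# variant (emacs, emacs-nox, emacs-lucid) is installed.
check_installed() {
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' emacs-common 2>/dev/null) || {
        echo "emacs-common is not installed"; return 2; }
    echo "installed $installed, fixed $FIXED, patched: $(is_fixed "$installed")"
    rpm -q --changelog emacs-common | grep -E 'CVE-2022-4833[789]|CVE-2023-2491' ||
        echo "warning: changelog does not mention the advisory CVEs"
}

# $1 = directory holding downloaded .rpm files.  Expected hashes are the
# SHA-256 values from the advisory's Download section.
verify_downloads() {
    status=0
    while read -r file sum; do
        [ -f "$1/$file" ] || continue
        if verify_sha256 "$1/$file" "$sum"; then echo "ok   $file"
        else echo "FAIL $file"; status=1; fi
    done <<EOF
emacs-27.2-8.el9.1.x86_64.rpm 858bf89886d07cf9af48258bd23b42a8772f576b5ceaa995b00b839ac5008cce
emacs-common-27.2-8.el9.1.x86_64.rpm eea0e0acf9234e09b259c7c77764c50b0ab03835b4999e4726ea6469ef55e93d
emacs-filesystem-27.2-8.el9.1.noarch.rpm 0e01e7e4f581c0de0dcd8c66c6fa5968e0b0f20150068fc324183e128a58a5eb
emacs-lucid-27.2-8.el9.1.x86_64.rpm f9f3b7aa7b6e3b84a18482692c937c5e24893af5fedb069594feb418343de7b9
emacs-nox-27.2-8.el9.1.x86_64.rpm 37df8f4239c302bf2048c3cc283726aac155e94cdc56df8d6b5ac2487df83d37
EOF
    return $status
}

main() {
    if command -v rpm >/dev/null 2>&1; then
        check_installed || :
    else
        echo "rpm not available; offline demo of the version check:"
        echo "27.2-7.el9   patched: $(is_fixed 27.2-7.el9)"
        echo "27.2-8.el9.1 patched: $(is_fixed 27.2-8.el9.1)"
    fi
    if [ $# -eq 1 ]; then verify_downloads "$1" || :; fi
}
main "$@"
```

Usage: run it with no arguments on the updated host to check the installed package, or with a directory path to verify RPMs downloaded from this page before installing them.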

Additional Info: 

N/A

Download: 

SRPMS
  1. emacs-27.2-8.el9.1.src.rpm
    MD5: 022dda78567cccf5f934b47fcf49d389
    SHA-256: 9346e83b3af09052d6cb394cb4296f4c699d2552b7493d9d1bd24683fd24bf84
    Size: 42.74 MB

Asianux Server 9 for x86_64
  1. emacs-27.2-8.el9.1.x86_64.rpm
    MD5: 41c3fedea59018459818487de02f255b
    SHA-256: 858bf89886d07cf9af48258bd23b42a8772f576b5ceaa995b00b839ac5008cce
    Size: 3.28 MB
  2. emacs-common-27.2-8.el9.1.x86_64.rpm
    MD5: 95aa6caea081367c027e9f408babc13c
    SHA-256: eea0e0acf9234e09b259c7c77764c50b0ab03835b4999e4726ea6469ef55e93d
    Size: 35.34 MB
  3. emacs-filesystem-27.2-8.el9.1.noarch.rpm
    MD5: aa28836a54c8f68ff3c8a33124ebfa6d
    SHA-256: 0e01e7e4f581c0de0dcd8c66c6fa5968e0b0f20150068fc324183e128a58a5eb
    Size: 7.89 kB
  4. emacs-lucid-27.2-8.el9.1.x86_64.rpm
    MD5: d3b03ccc8c03cd716d72061b645cc314
    SHA-256: f9f3b7aa7b6e3b84a18482692c937c5e24893af5fedb069594feb418343de7b9
    Size: 3.24 MB
  5. emacs-nox-27.2-8.el9.1.x86_64.rpm
    MD5: b3d2dcbd85a12d83e8ef38eee2873dbc
    SHA-256: 37df8f4239c302bf2048c3cc283726aac155e94cdc56df8d6b5ac2487df83d37
    Size: 2.83 MB