emacs-24.3-20.el7

エラータID: AXSA:2017-2282:02

Release date: 
Friday, September 22, 2017 - 11:48
Subject: 
emacs-24.3-20.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

GNU Emacs is a powerful, customizable, self-documenting text editor. It
provides special code editing features, a scripting language (elisp), and the
capability to read e-mail and news.

Security Fix(es):

* A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)

CVE-2017-14482
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code
via email with crafted "Content-Type: text/enriched" data containing an
x-display XML element that specifies execution of shell commands,
related to an unsafe text/enriched extension in
lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and
richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an
Emacs user can be instantly compromised by reading a crafted email
message (or Usenet news article).

Solution: 

Update packages.

CVEs: 
CVE-2017-14482
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
Additional Info: 

N/A

Download: 

SRPMS
  1. emacs-24.3-20.el7.src.rpm
    MD5: e99564c4e51a31ee96489e9a8aac9994
    SHA-256: de1bdcadf2a8d795ccde201a838bb7eed884d0f52e51f386adf83e045628d491
    Size: 34.04 MB

Asianux Server 7 for x86_64
  1. emacs-24.3-20.el7.x86_64.rpm
    MD5: 64593781ff8d92e8f9d5b554d1e26601
    SHA-256: 540a88cf75536bd2d93cff32965296d409673f3e68be7ba3d4e3de3cf2d3b804
    Size: 2.87 MB
  2. emacs-common-24.3-20.el7.x86_64.rpm
    MD5: 3a65575473fb5f9eff4c31c8994e8c35
    SHA-256: b32deef3332b5d90322d26ac86b6a858586e5b12374a3e0c0e7bb0acbbd889a4
    Size: 20.45 MB
  3. emacs-filesystem-24.3-20.el7.noarch.rpm
    MD5: 45ebb43f43ffe015e5a2838386b68cae
    SHA-256: 08bf3a41daa249b11fe1b9b109325ede16cb48a143b5475a0a38c1cb38250bd1
    Size: 56.95 kB
  4. emacs-nox-24.3-20.el7.x86_64.rpm
    MD5: 8d8f232ac2d7925a52fed9c28ba09b66
    SHA-256: 7b9979dc13a34822fecb5f96f7934100ebf08969ea605e69ae3c1fe8ad6fbcf5
    Size: 2.43 MB