emacs-24.3-20.el7
エラータID: AXSA:2017-2282:02
GNU Emacs is a powerful, customizable, self-documenting text editor. It
provides special code editing features, a scripting language (elisp), and the
capability to read e-mail and news.
Security Fix(es):
* A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)
CVE-2017-14482
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code
via email with crafted "Content-Type: text/enriched" data containing an
x-display XML element that specifies execution of shell commands,
related to an unsafe text/enriched extension in
lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and
richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an
Emacs user can be instantly compromised by reading a crafted email
message (or Usenet news article).
Update packages.
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
N/A
SRPMS
- emacs-24.3-20.el7.src.rpm
MD5: e99564c4e51a31ee96489e9a8aac9994
SHA-256: de1bdcadf2a8d795ccde201a838bb7eed884d0f52e51f386adf83e045628d491
Size: 34.04 MB
Asianux Server 7 for x86_64
- emacs-24.3-20.el7.x86_64.rpm
MD5: 64593781ff8d92e8f9d5b554d1e26601
SHA-256: 540a88cf75536bd2d93cff32965296d409673f3e68be7ba3d4e3de3cf2d3b804
Size: 2.87 MB - emacs-common-24.3-20.el7.x86_64.rpm
MD5: 3a65575473fb5f9eff4c31c8994e8c35
SHA-256: b32deef3332b5d90322d26ac86b6a858586e5b12374a3e0c0e7bb0acbbd889a4
Size: 20.45 MB - emacs-filesystem-24.3-20.el7.noarch.rpm
MD5: 45ebb43f43ffe015e5a2838386b68cae
SHA-256: 08bf3a41daa249b11fe1b9b109325ede16cb48a143b5475a0a38c1cb38250bd1
Size: 56.95 kB - emacs-nox-24.3-20.el7.x86_64.rpm
MD5: 8d8f232ac2d7925a52fed9c28ba09b66
SHA-256: 7b9979dc13a34822fecb5f96f7934100ebf08969ea605e69ae3c1fe8ad6fbcf5
Size: 2.43 MB