emacs-27.2-8.el9
エラータID: AXSA:2023-5619:03
リリース日:
2023/05/29 Monday - 12:46
題名:
emacs-27.2-8.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GNU Emacs の etags コマンドには、system(3) 関数を用いて引数を
シェルにそのまま引き渡してしまう問題があるため、ローカルの攻撃者
により、シェルのメタ文字を含む細工されたファイル名の指定を介して、
任意のコマンドの実行を可能とする脆弱性が存在します。
(CVE-2022-45939)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-45939
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
追加情報:
N/A
ダウンロード:
SRPMS
- emacs-27.2-8.el9.src.rpm
MD5: cef4c35bdd9e1b3e28e72f371f70996a
SHA-256: c10a8cceb32a3afd5a88e79edfc8323251f717782d153af29290095435cc2204
Size: 42.73 MB
Asianux Server 9 for x86_64
- emacs-27.2-8.el9.x86_64.rpm
MD5: 91d22dbaedbc0ae843670916505829b4
SHA-256: 27f0b521541842aab8a2e31ba5b9853646cfbfa1cf3e27c2f2467a7b33aee853
Size: 3.28 MB - emacs-common-27.2-8.el9.x86_64.rpm
MD5: dcd00395a6a16b1531b5d2bfda365e45
SHA-256: fcd0ae8727264dc40847c3a9a670eb8604ce01fdad56d3d45eb24f5d23b2a3ae
Size: 35.30 MB - emacs-filesystem-27.2-8.el9.noarch.rpm
MD5: 4be7ddffadec2a1a42d8a4a9d3aa3aa8
SHA-256: 52bfc7cd55abfbeb1ed8b7dc3837eca41c2e605dae7dd29160b17da7be6591c7
Size: 7.80 kB - emacs-lucid-27.2-8.el9.x86_64.rpm
MD5: 7b3cac20d2b8c1b54471da96bde63604
SHA-256: 08b175328ad33356aff659c8c939afe75a825f4e6efe2556c0426bd29603775e
Size: 3.24 MB - emacs-nox-27.2-8.el9.x86_64.rpm
MD5: f22fe9bf0f03cd66a150a3587a0621ff
SHA-256: 8663f27f80d8f993406d3e0a7abbb49ba15713f5e09567d5c69c4baa0084dd75
Size: 2.83 MB