GLSA Advocate
Posted: Mon Jan 08, 2018 5:26 am Post subject: [ GLSA 201801-07 ] GNU Emacs
Gentoo Linux Security Advisory
Title: GNU Emacs: Command injection (GLSA 201801-07)
Severity: normal
Exploitable: remote
Date: 2018-01-07
Bug(s): #630680
ID: 201801-07
Synopsis
A vulnerability has been found in Emacs which may allow for
arbitrary command execution.
Background
GNU Emacs is a highly extensible and customizable text editor.
Affected Packages
Package: app-editors/emacs
Vulnerable: < 23.4-r16
Vulnerable: < 24.5-r4
Vulnerable: < 25.2-r1
Unaffected: >= 23.4-r16
Unaffected: >= 24.5-r4
Unaffected: >= 25.2-r1
Architectures: All supported architectures
Description
A command injection flaw within the Emacs “enriched mode” handling
has been discovered.
Impact
A remote attacker, by enticing a user to open a specially crafted file,
could execute arbitrary commands with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All GNU Emacs 23.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r16:23"

All GNU Emacs 24.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-24.5-r4:24"

All GNU Emacs 25.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/emacs-25.2-r1:25"
References
CVE-2017-14482
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 2 times in total
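An added example, not part of the advisory or of Gentoo's tooling: a Python check that classifies an app-editors/emacs version string against the fixed revisions listed under Affected Packages. It assumes the slot equals the major version and accepts only versions of the form N.N[-rN]; the function names are hypothetical.

```python
import re

# Fixed revisions per slot, copied from the advisory's "Affected Packages" list.
FIXED = {23: "23.4-r16", 24: "24.5-r4", 25: "25.2-r1"}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Turn '24.5-r3' into ((24, 5), 3); a missing -rN counts as revision 0."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        # Suffixes such as _rc1 or _p2 are outside this simplified parser.
        raise ValueError("unsupported version string: %r" % version)
    # Simplification: numeric components are compared as plain integers.
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_vulnerable(version):
    """True if an app-editors/emacs version is below the fix for its slot."""
    installed = parse_version(version)
    major = installed[0][0]
    # Assumption: slot == major version. Versions outside 23..25 are compared
    # with the nearest listed bound (< 23.4-r16 or >= 25.2-r1).
    slot = min(max(major, 23), 25)
    return installed < parse_version(FIXED[slot])


def audit(installed_versions):
    """Map each installed version string to 'vulnerable' or 'unaffected'."""
    return {v: "vulnerable" if is_vulnerable(v) else "unaffected"
            for v in installed_versions}


if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    sample = ["23.4-r15", "24.5-r4", "25.2", "25.3"]
    for version, verdict in audit(sample).items():
        print("app-editors/emacs-%s: %s" % (version, verdict))
```
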