Arbitrary Command Injection Affecting emacs package, versions <1:26.1-10.el8_8.2
- Snyk ID SNYK-RHEL8-EMACS-5557490
- published 3 May 2023
- disclosed 9 May 2023
How to fix?
Upgrade RHEL:8 emacs to version 1:26.1-10.el8_8.2 or higher.
This issue was patched in RHSA-2023:3104.
NVD Description
Note: Versions mentioned in the description apply only to the upstream emacs package and not the emacs package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.
A flaw was found in the Emacs text editor. Processing specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.