Lucene search

AmazonALAS2-2023-2012

HistoryApr 13, 2023 - 7:28 p.m.

Important: emacs

2023-04-1319:28:00

alas.aws.amazon.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.7%

JSON

Issue Overview:

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. (CVE-2023-28617)

Affected Packages:

emacs

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update emacs to update your system.

New Packages:

aarch64:  
    emacs-27.2-4.amzn2.0.4.aarch64  
    emacs-lucid-27.2-4.amzn2.0.4.aarch64  
    emacs-nox-27.2-4.amzn2.0.4.aarch64  
    emacs-common-27.2-4.amzn2.0.4.aarch64  
    emacs-devel-27.2-4.amzn2.0.4.aarch64  
    emacs-debuginfo-27.2-4.amzn2.0.4.aarch64  
  
i686:  
    emacs-27.2-4.amzn2.0.4.i686  
    emacs-lucid-27.2-4.amzn2.0.4.i686  
    emacs-nox-27.2-4.amzn2.0.4.i686  
    emacs-common-27.2-4.amzn2.0.4.i686  
    emacs-devel-27.2-4.amzn2.0.4.i686  
    emacs-debuginfo-27.2-4.amzn2.0.4.i686  
  
noarch:  
    emacs-terminal-27.2-4.amzn2.0.4.noarch  
    emacs-filesystem-27.2-4.amzn2.0.4.noarch  
  
src:  
    emacs-27.2-4.amzn2.0.4.src  
  
x86_64:  
    emacs-27.2-4.amzn2.0.4.x86_64  
    emacs-lucid-27.2-4.amzn2.0.4.x86_64  
    emacs-nox-27.2-4.amzn2.0.4.x86_64  
    emacs-common-27.2-4.amzn2.0.4.x86_64  
    emacs-devel-27.2-4.amzn2.0.4.x86_64  
    emacs-debuginfo-27.2-4.amzn2.0.4.x86_64

Additional References

Red Hat: CVE-2023-28617

Mitre: CVE-2023-28617

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64emacs< 27.2-4.amzn2.0.4emacs-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64emacs-lucid< 27.2-4.amzn2.0.4emacs-lucid-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64emacs-nox< 27.2-4.amzn2.0.4emacs-nox-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64emacs-common< 27.2-4.amzn2.0.4emacs-common-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64emacs-devel< 27.2-4.amzn2.0.4emacs-devel-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2aarch64emacs-debuginfo< 27.2-4.amzn2.0.4emacs-debuginfo-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux2i686emacs< 27.2-4.amzn2.0.4emacs-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux2i686emacs-lucid< 27.2-4.amzn2.0.4emacs-lucid-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux2i686emacs-nox< 27.2-4.amzn2.0.4emacs-nox-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux2i686emacs-common< 27.2-4.amzn2.0.4emacs-common-27.2-4.amzn2.0.4.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	emacs	< 27.2-4.amzn2.0.4	emacs-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	aarch64	emacs-lucid	< 27.2-4.amzn2.0.4	emacs-lucid-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	aarch64	emacs-nox	< 27.2-4.amzn2.0.4	emacs-nox-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	aarch64	emacs-common	< 27.2-4.amzn2.0.4	emacs-common-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	aarch64	emacs-devel	< 27.2-4.amzn2.0.4	emacs-devel-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	aarch64	emacs-debuginfo	< 27.2-4.amzn2.0.4	emacs-debuginfo-27.2-4.amzn2.0.4.aarch64.rpm
Amazon Linux	2	i686	emacs	< 27.2-4.amzn2.0.4	emacs-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux	2	i686	emacs-lucid	< 27.2-4.amzn2.0.4	emacs-lucid-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux	2	i686	emacs-nox	< 27.2-4.amzn2.0.4	emacs-nox-27.2-4.amzn2.0.4.i686.rpm
Amazon Linux	2	i686	emacs-common	< 27.2-4.amzn2.0.4	emacs-common-27.2-4.amzn2.0.4.i686.rpm