logo
DATABASE RESOURCES PRICING ABOUT US

GNU Emacs: Command injection

Description

### Background GNU Emacs is a highly extensible and customizable text editor. ### Description A command injection flaw within the Emacs “enriched mode” handling has been discovered. ### Impact A remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the privileges of process. ### Workaround There is no known workaround at this time. ### Resolution All GNU Emacs 23.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r16:23" All GNU Emacs 24.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.5-r4:24" All GNU Emacs 25.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/emacs-25.2-r1:25"


Affected Package


OS OS Version Package Name Package Version
Gentoo any app-editors/emacs 23.4-r16

Related