RLSA-2024:6987 Moderate: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: Org mode considers...

emacs security update

An update is available for emacs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNU Emacs is a powerful, customizable, self-documenting text editor. It provide...

RockyLinux 8 : emacs (RLSA-2024:6987)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6987 advisory. emacs: Gnus treats inline MIME contents as trusted CVE-2024-30203 emacs: Org mode considers contents of remote files to be trusted CVE-2024-30205 emacs:...

USN-7375-1 org-mode vulnerabilities

It was discovered that Org Mode did not correctly handle filenames containing shell metacharacters. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-28617 It was discovered that Org Mode could run...

SUSE CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...

emacs security update

1:27.2-10 - Disable xwidgets RHEL-14551 - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - Make Gnus treats inline MIME contents as untrusted CVE-2024-30203 - Add protection for LaTeX preview CVE-2024-30204 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code...

emacs security update

1:26.1-12 - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 - Make Gnus treats inline MIME contents as untrusted CVE-2024-30203 - Disable xwidgets RHEL-14549...

Oracle Linux 8 : emacs (ELSA-2024-6987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6987 advisory. - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-393...

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

emacs security update

1:27.2-10 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-39331 - Disable xwidgets RHEL-33447...

RHEL 9 : emacs (RHSA-2024:6510)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6510 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

SUSE SLES15 Security Update : emacs (SUSE-SU-2024:2297-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2297-1 advisory. - CVE-2024-30203: Fixed denial of service via MIME contents bsc1222053. - CVE-2024-30204: Fixed denial of service via LaTeX preview...