Astra Linux - уязвимость в emacs

A vulnerability was discovered in GNU Emacs through version 28.2. The htmlfontify.el script has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir parameters come from external inputs, and these parameters are not escaped properly. If a...

MiracleLinux 8 : emacs-26.1-11.el8 (AXSA:2023-7128:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7128:10 advisory. emacs: command execution via shell metacharacters CVE-2022-48337 emacs: command injection vulnerability in htmlfontify.el CVE-2022-48339 Tenable has...

MiracleLinux 7 : emacs-24.3-23.el7.1 (AXSA:2023-5879:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5879:04 advisory. emacs: command injection vulnerability in htmlfontify.el CVE-2022-48339 Tenable has extracted the preceding description block directly from the MiracleLinux...

TencentOS Server 2: emacs (TSSA-2023:0127)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0127 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

emacs: command injection vulnerability in htmlfontify.el

A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed...

EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2023-2486)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2264)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...

emacs security update

1:24.3-23.1 - Fix htmlfontify.el command injection vulnerability 2175177...

ALSA-2023:2626 Important: emacs security update

GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the capability to read e-mail and news. Security Fixes: emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux CVE-2023-2491 emacs: command execution...

Important: emacs

Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command...

USN-5955-1 emacs24 vulnerability

It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands...

USN-5955-1: Emacs vulnerability

It was discovered that Emacs did not properly manage certain files when using htmlfontify functionality. A local attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary commands...

SUSE-SU-2023:0675-1 Security update for emacs

This update for emacs fixes the following issues: - CVE-2022-48337: Fixed etags local command injection vulnerability bsc1208515. - CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability bsc1208512...

OESA-2023-1148 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing,including a project...

MGASA-2023-0081 Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function the parameter file and parameter srcdir come from external input and parameters are not escaped. If a file name or directory name contains shell metacharacters code may be executed.

...

SUSE CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

AZL-13682 CVE-2022-48339 affecting package emacs for versions less than 28.2-4

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...

UBUNTU-CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...