diff options
author | Aaron Bauman <bman@gentoo.org> | 2018-01-07 18:48:38 -0500 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2018-01-07 18:48:38 -0500 |
commit | 4876a9eb9943c06c463565f62f22338aa6d93a01 (patch) | |
tree | 369b348461d294dc70d821425243d7f0199eedec /glsa-201801-07.xml | |
parent | Add GLSA 201801-06 (diff) | |
download | glsa-4876a9eb9943c06c463565f62f22338aa6d93a01.tar.gz glsa-4876a9eb9943c06c463565f62f22338aa6d93a01.tar.bz2 glsa-4876a9eb9943c06c463565f62f22338aa6d93a01.zip |
Add GLSA 201801-07
Diffstat (limited to 'glsa-201801-07.xml')
-rw-r--r-- | glsa-201801-07.xml | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/glsa-201801-07.xml b/glsa-201801-07.xml new file mode 100644 index 00000000..554e946d --- /dev/null +++ b/glsa-201801-07.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201801-07"> + <title>GNU Emacs: Command injection</title> + <synopsis>A vulnerability has been found in Emacs which may allow for + arbitrary command execution. + </synopsis> + <product type="ebuild">Emacs</product> + <announced>2018-01-07</announced> + <revised>2018-01-07: 1</revised> + <bug>630680</bug> + <access>remote</access> + <affected> + <package name="app-editors/emacs" auto="yes" arch="*"> + <unaffected range="ge" slot="23">23.4-r16</unaffected> + <unaffected range="ge" slot="24">24.5-r4</unaffected> + <unaffected range="ge" slot="25">25.2-r1</unaffected> + <vulnerable range="lt" slot="23">23.4-r16</vulnerable> + <vulnerable range="lt" slot="24">24.5-r4</vulnerable> + <vulnerable range="lt" slot="25">25.2-r1</vulnerable> + </package> + </affected> + <background> + <p>GNU Emacs is a highly extensible and customizable text editor.</p> + </background> + <description> + <p>A command injection flaw within the Emacs “enriched mode” handling + has been discovered. + </p> + </description> + <impact type="normal"> + <p>A remote attacker, by enticing a user to open a specially crafted file, + could execute arbitrary commands with the privileges of process. + </p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All GNU Emacs 23.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r16" + </code> + + <p>All GNU Emacs 24.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.5-r4" + </code> + + <p>All GNU Emacs 25.x users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-,25.2-r1" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14482"> + CVE-2017-14482 + </uri> + </references> + <metadata tag="requester" timestamp="2018-01-05T05:59:49Z">jmbailey</metadata> + <metadata tag="submitter" timestamp="2018-01-07T23:47:51Z">jmbailey</metadata> +</glsa> |