From 65737cf14a7220bd9a487aa2af4ae0e79bd23e86 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 8 Jan 2018 21:45:04 +0000 Subject: gentoo resync : 08.01.2018 --- metadata/glsa/glsa-201801-07.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-201801-07.xml (limited to 'metadata/glsa/glsa-201801-07.xml') diff --git a/metadata/glsa/glsa-201801-07.xml b/metadata/glsa/glsa-201801-07.xml new file mode 100644 index 000000000000..48b58e98c066 --- /dev/null +++ b/metadata/glsa/glsa-201801-07.xml @@ -0,0 +1,68 @@ + + + + GNU Emacs: Command injection + A vulnerability has been found in Emacs which may allow for + arbitrary command execution. + + Emacs + 2018-01-07 + 2018-01-08: 2 + 630680 + remote + + + 23.4-r16 + 24.5-r4 + 25.2-r1 + 23.4-r16 + 24.5-r4 + 25.2-r1 + + + +

GNU Emacs is a highly extensible and customizable text editor.

+ + +

A command injection flaw within the Emacs “enriched mode” handling + has been discovered. +

+ + +

A remote attacker, by enticing a user to open a specially crafted file, + could execute arbitrary commands with the privileges of process. +

+ + +

There is no known workaround at this time.

+ + +

All GNU Emacs 23.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-23.4-r16:23" + + +

All GNU Emacs 24.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-24.5-r4:24" + + +

All GNU Emacs 25.x users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/emacs-25.2-r1:25" + + + + + CVE-2017-14482 + + + jmbailey + jmbailey + -- cgit v1.2.3