Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2023-277

Related Vulnerabilities: CVE-2022-45939  

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. (CVE-2022-45939)

Source

ALAS2022-2023-277

Amazon Linux 2022 Security Advisory: ALAS-2023-277
Advisory Release Date: 2023-01-20 16:44 Pacific
Advisory Updated Date: 2023-01-24 21:14 Pacific
Severity: Important
References: CVE-2022-45939 
Issue Overview:

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. (CVE-2022-45939)


Affected Packages:

emacs


Issue Correction:
Run dnf update emacs to update your system.

New Packages:
aarch64:
    emacs-devel-28.1-2.amzn2022.0.1.aarch64
    emacs-common-debuginfo-28.1-2.amzn2022.0.1.aarch64
    emacs-debugsource-28.1-2.amzn2022.0.1.aarch64
    emacs-common-28.1-2.amzn2022.0.1.aarch64
    emacs-nox-28.1-2.amzn2022.0.1.aarch64
    emacs-lucid-28.1-2.amzn2022.0.1.aarch64
    emacs-28.1-2.amzn2022.0.1.aarch64
    emacs-lucid-debuginfo-28.1-2.amzn2022.0.1.aarch64
    emacs-nox-debuginfo-28.1-2.amzn2022.0.1.aarch64
    emacs-debuginfo-28.1-2.amzn2022.0.1.aarch64

i686:
    emacs-common-28.1-2.amzn2022.0.1.i686
    emacs-lucid-28.1-2.amzn2022.0.1.i686
    emacs-nox-28.1-2.amzn2022.0.1.i686
    emacs-28.1-2.amzn2022.0.1.i686
    emacs-debuginfo-28.1-2.amzn2022.0.1.i686
    emacs-lucid-debuginfo-28.1-2.amzn2022.0.1.i686
    emacs-nox-debuginfo-28.1-2.amzn2022.0.1.i686
    emacs-debugsource-28.1-2.amzn2022.0.1.i686
    emacs-common-debuginfo-28.1-2.amzn2022.0.1.i686
    emacs-devel-28.1-2.amzn2022.0.1.i686

noarch:
    emacs-terminal-28.1-2.amzn2022.0.1.noarch
    emacs-filesystem-28.1-2.amzn2022.0.1.noarch

src:
    emacs-28.1-2.amzn2022.0.1.src

x86_64:
    emacs-common-debuginfo-28.1-2.amzn2022.0.1.x86_64
    emacs-devel-28.1-2.amzn2022.0.1.x86_64
    emacs-debugsource-28.1-2.amzn2022.0.1.x86_64
    emacs-nox-28.1-2.amzn2022.0.1.x86_64
    emacs-common-28.1-2.amzn2022.0.1.x86_64
    emacs-lucid-28.1-2.amzn2022.0.1.x86_64
    emacs-28.1-2.amzn2022.0.1.x86_64
    emacs-nox-debuginfo-28.1-2.amzn2022.0.1.x86_64
    emacs-debuginfo-28.1-2.amzn2022.0.1.x86_64
    emacs-lucid-debuginfo-28.1-2.amzn2022.0.1.x86_64

Additional References

Red Hat: CVE-2022-45939

Mitre: CVE-2022-45939

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started