Amazon Linux 2022 Security Advisory: ALAS-2023-277
Advisory Release Date: 2023-01-20 16:44 Pacific
Advisory Updated Date: 2023-01-24 21:14 Pacific
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. (CVE-2022-45939)
Affected Packages:
emacs
Issue Correction:
Run dnf update emacs to update your system.
aarch64:
emacs-devel-28.1-2.amzn2022.0.1.aarch64
emacs-common-debuginfo-28.1-2.amzn2022.0.1.aarch64
emacs-debugsource-28.1-2.amzn2022.0.1.aarch64
emacs-common-28.1-2.amzn2022.0.1.aarch64
emacs-nox-28.1-2.amzn2022.0.1.aarch64
emacs-lucid-28.1-2.amzn2022.0.1.aarch64
emacs-28.1-2.amzn2022.0.1.aarch64
emacs-lucid-debuginfo-28.1-2.amzn2022.0.1.aarch64
emacs-nox-debuginfo-28.1-2.amzn2022.0.1.aarch64
emacs-debuginfo-28.1-2.amzn2022.0.1.aarch64
noarch:
emacs-terminal-28.1-2.amzn2022.0.1.noarch
emacs-filesystem-28.1-2.amzn2022.0.1.noarch
src:
emacs-28.1-2.amzn2022.0.1.src
x86_64:
emacs-common-debuginfo-28.1-2.amzn2022.0.1.x86_64
emacs-devel-28.1-2.amzn2022.0.1.x86_64
emacs-debugsource-28.1-2.amzn2022.0.1.x86_64
emacs-nox-28.1-2.amzn2022.0.1.x86_64
emacs-common-28.1-2.amzn2022.0.1.x86_64
emacs-lucid-28.1-2.amzn2022.0.1.x86_64
emacs-28.1-2.amzn2022.0.1.x86_64
emacs-nox-debuginfo-28.1-2.amzn2022.0.1.x86_64
emacs-debuginfo-28.1-2.amzn2022.0.1.x86_64
emacs-lucid-debuginfo-28.1-2.amzn2022.0.1.x86_64