Amazon Linux 2023 Security Advisory: ALAS-2023-134
Advisory Release Date: 2023-03-20 18:27 Pacific
Advisory Updated Date: 2023-03-22 23:26 Pacific
Severity:
Important
Issue Overview:
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. (CVE-2023-27985)
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. (CVE-2023-27986)
Affected Packages:
emacs
Issue Correction:
Run dnf update --releasever=2023.0.20230322 emacs to update your system.
New Packages:
aarch64:
emacs-debuginfo-28.2-3.amzn2023.0.4.aarch64
emacs-common-debuginfo-28.2-3.amzn2023.0.4.aarch64
emacs-nox-debuginfo-28.2-3.amzn2023.0.4.aarch64
emacs-devel-28.2-3.amzn2023.0.4.aarch64
emacs-debugsource-28.2-3.amzn2023.0.4.aarch64
emacs-lucid-debuginfo-28.2-3.amzn2023.0.4.aarch64
emacs-28.2-3.amzn2023.0.4.aarch64
emacs-nox-28.2-3.amzn2023.0.4.aarch64
emacs-lucid-28.2-3.amzn2023.0.4.aarch64
emacs-common-28.2-3.amzn2023.0.4.aarch64
noarch:
emacs-filesystem-28.2-3.amzn2023.0.4.noarch
emacs-terminal-28.2-3.amzn2023.0.4.noarch
src:
emacs-28.2-3.amzn2023.0.4.src
x86_64:
emacs-lucid-debuginfo-28.2-3.amzn2023.0.4.x86_64
emacs-common-debuginfo-28.2-3.amzn2023.0.4.x86_64
emacs-devel-28.2-3.amzn2023.0.4.x86_64
emacs-nox-debuginfo-28.2-3.amzn2023.0.4.x86_64
emacs-debugsource-28.2-3.amzn2023.0.4.x86_64
emacs-debuginfo-28.2-3.amzn2023.0.4.x86_64
emacs-lucid-28.2-3.amzn2023.0.4.x86_64
emacs-28.2-3.amzn2023.0.4.x86_64
emacs-nox-28.2-3.amzn2023.0.4.x86_64
emacs-common-28.2-3.amzn2023.0.4.x86_64