Amazon Linux 2023 Security Advisory: ALAS-2023-147
Advisory Release Date: 2023-03-30 21:11 Pacific
Advisory Updated Date: 2023-04-04 21:33 Pacific
Severity:
Important
Issue Overview:
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. (CVE-2023-28617)
Affected Packages:
emacs
Issue Correction:
Run dnf update emacs --releasever=2023.0.20230329 to update your system.
New Packages:
aarch64:
emacs-common-debuginfo-28.2-3.amzn2023.0.5.aarch64
emacs-nox-debuginfo-28.2-3.amzn2023.0.5.aarch64
emacs-devel-28.2-3.amzn2023.0.5.aarch64
emacs-lucid-debuginfo-28.2-3.amzn2023.0.5.aarch64
emacs-debuginfo-28.2-3.amzn2023.0.5.aarch64
emacs-debugsource-28.2-3.amzn2023.0.5.aarch64
emacs-lucid-28.2-3.amzn2023.0.5.aarch64
emacs-nox-28.2-3.amzn2023.0.5.aarch64
emacs-28.2-3.amzn2023.0.5.aarch64
emacs-common-28.2-3.amzn2023.0.5.aarch64
noarch:
emacs-terminal-28.2-3.amzn2023.0.5.noarch
emacs-filesystem-28.2-3.amzn2023.0.5.noarch
src:
emacs-28.2-3.amzn2023.0.5.src
x86_64:
emacs-common-debuginfo-28.2-3.amzn2023.0.5.x86_64
emacs-devel-28.2-3.amzn2023.0.5.x86_64
emacs-lucid-debuginfo-28.2-3.amzn2023.0.5.x86_64
emacs-debugsource-28.2-3.amzn2023.0.5.x86_64
emacs-debuginfo-28.2-3.amzn2023.0.5.x86_64
emacs-nox-debuginfo-28.2-3.amzn2023.0.5.x86_64
emacs-nox-28.2-3.amzn2023.0.5.x86_64
emacs-28.2-3.amzn2023.0.5.x86_64
emacs-lucid-28.2-3.amzn2023.0.5.x86_64
emacs-common-28.2-3.amzn2023.0.5.x86_64