Amazon Linux 1 Security Advisory: ALAS-2017-912
Advisory Release Date: 2017-10-12 20:38 Pacific
Advisory Updated Date: 2017-10-13 00:11 Pacific
Command injection flaw within "enriched mode" handling:
A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)
Affected Packages:
emacs
Issue Correction:
Run yum update emacs to update your system.
i686:
emacs-common-24.3-20.22.amzn1.i686
emacs-24.3-20.22.amzn1.i686
emacs-debuginfo-24.3-20.22.amzn1.i686
noarch:
emacs-el-24.3-20.22.amzn1.noarch
src:
emacs-24.3-20.22.amzn1.src
x86_64:
emacs-24.3-20.22.amzn1.x86_64
emacs-common-24.3-20.22.amzn1.x86_64
emacs-debuginfo-24.3-20.22.amzn1.x86_64