ALAS-2017-912


Amazon Linux AMI Security Advisory: ALAS-2017-912
Advisory Release Date: 2017-10-13 00:11 Pacific
Severity: Important
References: CVE-2017-14482 

Issue Overview:

Command injection flaw within "enriched mode" handling:
A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482 )


Affected Packages:

emacs


Issue Correction:
Run yum update emacs to update your system.

New Packages:
i686:
    emacs-common-24.3-20.22.amzn1.i686
    emacs-24.3-20.22.amzn1.i686
    emacs-debuginfo-24.3-20.22.amzn1.i686

noarch:
    emacs-el-24.3-20.22.amzn1.noarch

src:
    emacs-24.3-20.22.amzn1.src

x86_64:
    emacs-24.3-20.22.amzn1.x86_64
    emacs-common-24.3-20.22.amzn1.x86_64
    emacs-debuginfo-24.3-20.22.amzn1.x86_64