-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: emacs security and bug fix update Advisory ID: RHSA-2023:2366-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2366 Issue date: 2023-05-09 CVE Names: CVE-2022-45939 ==================================================================== 1. Summary: An update for emacs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news. Security Fix(es): * emacs: ctags local command execution vulnerability (CVE-2022-45939) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1979804 - emacs: portable dumper incompatible with 64K pages on aarch64 2006856 - RPM inspection failure about hardening binaries 2149380 - CVE-2022-45939 emacs: ctags local command execution vulnerability 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: emacs-27.2-8.el9.src.rpm aarch64: emacs-27.2-8.el9.aarch64.rpm emacs-common-27.2-8.el9.aarch64.rpm emacs-common-debuginfo-27.2-8.el9.aarch64.rpm emacs-debuginfo-27.2-8.el9.aarch64.rpm emacs-debugsource-27.2-8.el9.aarch64.rpm emacs-lucid-27.2-8.el9.aarch64.rpm emacs-lucid-debuginfo-27.2-8.el9.aarch64.rpm emacs-nox-27.2-8.el9.aarch64.rpm emacs-nox-debuginfo-27.2-8.el9.aarch64.rpm noarch: emacs-filesystem-27.2-8.el9.noarch.rpm ppc64le: emacs-27.2-8.el9.ppc64le.rpm emacs-common-27.2-8.el9.ppc64le.rpm emacs-common-debuginfo-27.2-8.el9.ppc64le.rpm emacs-debuginfo-27.2-8.el9.ppc64le.rpm emacs-debugsource-27.2-8.el9.ppc64le.rpm emacs-lucid-27.2-8.el9.ppc64le.rpm emacs-lucid-debuginfo-27.2-8.el9.ppc64le.rpm emacs-nox-27.2-8.el9.ppc64le.rpm emacs-nox-debuginfo-27.2-8.el9.ppc64le.rpm s390x: emacs-27.2-8.el9.s390x.rpm emacs-common-27.2-8.el9.s390x.rpm emacs-common-debuginfo-27.2-8.el9.s390x.rpm emacs-debuginfo-27.2-8.el9.s390x.rpm emacs-debugsource-27.2-8.el9.s390x.rpm emacs-lucid-27.2-8.el9.s390x.rpm emacs-lucid-debuginfo-27.2-8.el9.s390x.rpm emacs-nox-27.2-8.el9.s390x.rpm emacs-nox-debuginfo-27.2-8.el9.s390x.rpm x86_64: emacs-27.2-8.el9.x86_64.rpm emacs-common-27.2-8.el9.x86_64.rpm emacs-common-debuginfo-27.2-8.el9.x86_64.rpm emacs-debuginfo-27.2-8.el9.x86_64.rpm emacs-debugsource-27.2-8.el9.x86_64.rpm emacs-lucid-27.2-8.el9.x86_64.rpm emacs-lucid-debuginfo-27.2-8.el9.x86_64.rpm emacs-nox-27.2-8.el9.x86_64.rpm emacs-nox-debuginfo-27.2-8.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-45939 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFo05dzjgjWX9erEAQhkGRAAgZmPnfUrJiQ4GzGO6S4lCkXW3GzoKkjK y9oCf/p4x7myiOVCU/rbdTLZlfObBqxqRSbh3tMmucG3vUVf5aymNyqlIki8fgWb BXqaaM9K0jbtHOBwLpIWXi89Yaw2AfkxMiM9ZrdffCcOf3kdTDOwI46R3oYgbqf4 yMZe5N9CSM7ZlhZkrzdfjL/9m1wGdHOl9ZNJp4ji0K+Zeb/hlUeHqKLbnX+Ag0mu QCnDDy7qm+ysNUYUjdFFs9SY43Ekaw1kayya6eQE0lUbUr32P6mmvw11so4QFV+g 6iNtK85sQtI6z5czUYMNYZDBHvkKSR7NYlQZa4GCMr5KLcmXIAyNWw8dQLhOmnkO zZGoE+SkL0bkU4lqNNUso4AXaGUkVFASEuL+BlJd9dT/ouQoF2lXu11mpoyvkENT yVUXAIZbB8/Z5IymIWiyNrJ2iQjlxPtAFO08bFM2CIBkGH0g1IlTPQMhHezLKuzA WHWjKUo5bSowP5DMPtsrddSEob6oyVZ4hvofaMtKQQFxMMvIUoW4Coi/AzarUBJj fkzb7uMGfH67rm3zinxjqxnWJjk882ALxG1Zu5sFxvOTywRMGEcaVMXFbYjY0w/F JctAn7NovBq7ksK3XBnlOd8ydebuFwgkZ7YLTMBhwLZ26E7ziV5CHnJ2laRVOkVd 7aMOi3Tm0Ts=+PB4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce