REDHAT-BUG-2192873: Command Injection
First published: Wed May 03 2023(Updated: )
The Emacs flaw <a href="https://access.redhat.com/security/cve/CVE-2023-28617">CVE-2023-28617</a> (<a class="bz_bug_link bz_status_NEW bz_public " title="NEW - CVE-2023-28617 emacs: command injection vulnerability in org-mode" href="show_bug.cgi?id=2180544">bug 2180544</a>) was addressed in Red Hat Enterprise Linux 8 via erratum RHSA-2023:1930 and in Red Hat Enterprise Linux 9 via erratum RHSA-2023:2074, released on Apr 24, 2023 and May 02, 2023 respectively. <a href="https://access.redhat.com/errata/RHSA-2023:1930">https://access.redhat.com/errata/RHSA-2023:1930</a> <a href="https://access.redhat.com/errata/RHSA-2023:2074">https://access.redhat.com/errata/RHSA-2023:2074</a> However, the fix for this issue was not included in the Emacs updates released as part of Red Hat Enterprise Linux 8.8 GA erratum (RHSA-2023:3042) and Red Hat Enterprise Linux 9.2 GA erratum (RHSA-2023:2366), causing a security regression of previously released fix. A new CVE-ID <a href="https://access.redhat.com/security/cve/CVE-2023-2491">CVE-2023-2491</a> was assigned for this security regression. Note that this issue and CVE-ID is specific to the Emacs packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream Emacs version or Emacs packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | <8.8 | |
| Red Hat Enterprise Linux | <9.2 | |
| Red Hat Emacs |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-28617
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2180544
- https://access.redhat.com/errata/RHSA-2023:1930
- https://access.redhat.com/errata/RHSA-2023:2074
- https://access.redhat.com/security/cve/CVE-2023-2491
- https://access.redhat.com/errata/RHSA-2023:2626
- https://access.redhat.com/errata/RHSA-2023:3104
- https://access.redhat.com/security/cve/cve-2023-2491
- https://bugzilla.redhat.com/show_bug.cgi?id=2192873
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-2491
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat enterprise linux
- canonical/red hat emacs