Amazon Linux 2023: CVE-2024-30202: Important priority package update for emacs

Amazon Linux 2023: CVE-2024-30202: Important priority package update for emacs

Severity

7

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

03/25/2024

Created

02/14/2025

Added

02/14/2025

Modified

02/14/2025

Description

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. A flaw was found in Emacs. Arbitrary Lisp code can be evaluated when an Org mode file is opened or when the Org mode is being enabled, resulting in arbitrary code execution.

Solution(s)

• amazon-linux-2023-upgrade-emacs
• amazon-linux-2023-upgrade-emacs-common
• amazon-linux-2023-upgrade-emacs-common-debuginfo
• amazon-linux-2023-upgrade-emacs-debuginfo
• amazon-linux-2023-upgrade-emacs-debugsource
• amazon-linux-2023-upgrade-emacs-devel
• amazon-linux-2023-upgrade-emacs-filesystem
• amazon-linux-2023-upgrade-emacs-lucid
• amazon-linux-2023-upgrade-emacs-lucid-debuginfo
• amazon-linux-2023-upgrade-emacs-nox
• amazon-linux-2023-upgrade-emacs-nox-debuginfo
• amazon-linux-2023-upgrade-emacs-terminal

References

• https://attackerkb.com/topics/cve-2024-30202
• CVE - 2024-30202
• https://alas.aws.amazon.com/AL2023/ALAS-2024-584.html