Ubuntu: (Multiple Advisories) (CVE-2023-28617): Emacs vulnerability

Ubuntu: (Multiple Advisories) (CVE-2023-28617): Emacs vulnerability

Severity

7

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

03/19/2023

Created

05/05/2023

Added

04/10/2023

Modified

01/28/2025

Description

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Solution(s)

• ubuntu-pro-upgrade-emacs
• ubuntu-pro-upgrade-emacs-bin-common
• ubuntu-pro-upgrade-emacs-common
• ubuntu-pro-upgrade-emacs-el
• ubuntu-pro-upgrade-emacs24
• ubuntu-pro-upgrade-emacs24-bin-common
• ubuntu-pro-upgrade-emacs24-common
• ubuntu-pro-upgrade-emacs24-el
• ubuntu-pro-upgrade-emacs25
• ubuntu-pro-upgrade-emacs25-bin-common
• ubuntu-pro-upgrade-emacs25-common
• ubuntu-pro-upgrade-emacs25-el

References

• https://attackerkb.com/topics/cve-2023-28617
• CVE - 2023-28617
• USN-6003-1
• USN-7027-1