{"id":"ALSA-2023:2626","summary":"Important: emacs security update","details":"GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* emacs: Regression of CVE-2023-28617 fixes in the AlmaLinux (CVE-2023-2491)\n* emacs: command execution via shell metacharacters (CVE-2022-48337)\n* emacs: local command injection in ruby-mode.el (CVE-2022-48338)\n* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:54:04.932524Z","published":"2023-05-09T00:00:00Z","related":["CVE-2022-48337","CVE-2022-48338","CVE-2022-48339","CVE-2023-2491","CVE-2023-28617"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:2626"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-48337"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-48338"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-48339"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-2491"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2171987"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2171988"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2171989"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2192873"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-2626.html"}],"affected":[{"package":{"name":"emacs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/emacs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:27.2-8.el9_2.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2626.json"}},{"package":{"name":"emacs-common","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/emacs-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:27.2-8.el9_2.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2626.json"}},{"package":{"name":"emacs-filesystem","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/emacs-filesystem"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:27.2-8.el9_2.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2626.json"}},{"package":{"name":"emacs-lucid","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/emacs-lucid"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:27.2-8.el9_2.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2626.json"}},{"package":{"name":"emacs-nox","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/emacs-nox"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:27.2-8.el9_2.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:2626.json"}}],"schema_version":"1.7.3"}