GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-bin-common" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-bin-common-dbgsym" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-common" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-dbg" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-dbgsym" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-el" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-lucid" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-lucid-dbg" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-lucid-dbgsym" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-nox" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-nox-dbg" }, { "binary_version": "24.5+1-6ubuntu1.1+esm1", "binary_name": "emacs24-nox-dbgsym" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-bin-common" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-bin-common-dbgsym" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-common" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-dbg" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-el" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-lucid" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-lucid-dbg" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-nox" }, { "binary_version": "25.2+1-6ubuntu0.1~esm2", "binary_name": "emacs25-nox-dbg" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-bin-common" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-bin-common-dbgsym" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-common" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-el" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-gtk" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-gtk-dbgsym" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-lucid" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-lucid-dbgsym" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-nox" }, { "binary_version": "1:26.3+1-1ubuntu2+esm1", "binary_name": "emacs-nox-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-bin-common" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-bin-common-dbgsym" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-common" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-el" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-gtk" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-gtk-dbgsym" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-lucid" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-lucid-dbgsym" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-nox" }, { "binary_version": "1:27.1+1-3ubuntu5.2", "binary_name": "emacs-nox-dbgsym" } ] }