USN-7027-1

Source
https://ubuntu.com/security/notices/USN-7027-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7027-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-7027-1
Related
Published
2024-09-19T17:16:05.981190Z
Modified
2024-09-19T17:16:05.981190Z
Summary
emacs, emacs24, emacs25 vulnerabilities
Details

It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-45939)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-48337)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338)

Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-48339)

It was discovered that Emacs incorrectly handled filename sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-28617)

It was discovered that Emacs incorrectly handled certain crafted files. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203, CVE-2024-30204, CVE-2024-30205)

It was discovered that Emacs incorrectly handled certain crafted files. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2024-39331)

References

Affected packages

Ubuntu:Pro:16.04:LTS / emacs24

Package

Name
emacs24
Purl
pkg:deb/ubuntu/emacs24?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.5+1-6ubuntu1.1+esm4

Affected versions

24.*

24.5+1-1ubuntu2
24.5+1-1ubuntu4
24.5+1-1ubuntu5
24.5+1-1ubuntu6
24.5+1-1ubuntu7
24.5+1-6ubuntu1
24.5+1-6ubuntu1.1
24.5+1-6ubuntu1.1+esm1
24.5+1-6ubuntu1.1+esm2
24.5+1-6ubuntu1.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-bin-common"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-bin-common-dbgsym"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-common"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-dbg"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-dbgsym"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-el"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-lucid"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-lucid-dbg"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-lucid-dbgsym"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-nox"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-nox-dbg"
        },
        {
            "binary_version": "24.5+1-6ubuntu1.1+esm4",
            "binary_name": "emacs24-nox-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / emacs25

Package

Name
emacs25
Purl
pkg:deb/ubuntu/emacs25?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.2+1-6ubuntu0.1~esm2

Affected versions

25.*

25.2+1-6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-bin-common"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-bin-common-dbgsym"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-common"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-dbg"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-el"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-lucid"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-lucid-dbg"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-nox"
        },
        {
            "binary_version": "25.2+1-6ubuntu0.1~esm2",
            "binary_name": "emacs25-nox-dbg"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / emacs

Package

Name
emacs
Purl
pkg:deb/ubuntu/emacs?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:26.3+1-1ubuntu2+esm1

Affected versions

1:26.*

1:26.3+1-1ubuntu1
1:26.3+1-1ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-bin-common"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-bin-common-dbgsym"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-common"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-el"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-gtk"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-gtk-dbgsym"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-lucid"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-lucid-dbgsym"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-nox"
        },
        {
            "binary_version": "1:26.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-nox-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / emacs

Package

Name
emacs
Purl
pkg:deb/ubuntu/emacs?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:27.1+1-3ubuntu5.2

Affected versions

1:27.*

1:27.1+1-3ubuntu3
1:27.1+1-3ubuntu5
1:27.1+1-3ubuntu5.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-bin-common"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-bin-common-dbgsym"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-common"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-el"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-gtk"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-gtk-dbgsym"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-lucid"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-lucid-dbgsym"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-nox"
        },
        {
            "binary_version": "1:27.1+1-3ubuntu5.2",
            "binary_name": "emacs-nox-dbgsym"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / emacs

Package

Name
emacs
Purl
pkg:deb/ubuntu/emacs?arch=src?distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:29.3+1-1ubuntu2+esm1

Affected versions

1:29.*

1:29.1+1-5ubuntu1
1:29.2+1-1ubuntu1
1:29.2+1-2ubuntu4
1:29.3+1-1ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-bin-common"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-bin-common-dbgsym"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-common"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-el"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-gtk"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-gtk-dbgsym"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-lucid"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-lucid-dbgsym"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-nox"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-nox-dbgsym"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-pgtk"
        },
        {
            "binary_version": "1:29.3+1-1ubuntu2+esm1",
            "binary_name": "emacs-pgtk-dbgsym"
        }
    ]
}