USN-5955-1: Emacs vulnerability
15 March 2023
Emacs could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- emacs24 - GNU Emacs editor
Details
It was discovered that Emacs did not properly manage certain files when
using htmlfontify functionality. A local attacker could possibly use this
issue to cause a denial of service, or possibly execute arbitrary commands.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
emacs24
-
24.5+1-6ubuntu1.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7027-1: emacs-el, emacs24-lucid, emacs-bin-common, emacs-gtk, emacs-common, emacs25-el, emacs24, emacs24-common, emacs25-nox, emacs25-bin-common, emacs24-nox, emacs, emacs-pgtk, emacs24-el, emacs25-common, emacs25, emacs25-lucid, emacs24-bin-common, emacs-lucid, emacs-nox