USN-5955-1: Emacs vulnerability
15 March 2023
Emacs could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- emacs24 - GNU Emacs editor
Details
It was discovered that Emacs did not properly manage certain files when
using htmlfontify functionality. A local attacker could possibly use this
issue to cause a denial of service, or possibly execute arbitrary commands.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
emacs24
-
24.5+1-6ubuntu1.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.