Bug 33326

Summary:	emacs new security issue: arbitrary shell command evaluation
Product:	Mageia	Reporter:	Nicolas Salguero <nicolas.salguero>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	andrewsfarm, sysadmin-bugs
Version:	9	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA9-64-OK
Source RPM:	emacs-28.2-10.1.mga9.src.rpm	CVE:
Status comment:

Description Nicolas Salguero 2024-06-24 10:36:22 CEST

That problem was announced here:
https://www.openwall.com/lists/oss-security/2024/06/23/1
https://www.openwall.com/lists/oss-security/2024/06/23/2

Nicolas Salguero 2024-06-24 10:36:59 CEST

Assignee: bugsquad => nicolas.salguero
Source RPM: (none) => emacs-28.2-10.1.mga9.src.rpm

Comment 1 Nicolas Salguero 2024-06-24 11:28:52 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Arbitrary shell command evaluation.

References:
https://www.openwall.com/lists/oss-security/2024/06/23/1
https://www.openwall.com/lists/oss-security/2024/06/23/2
========================

Updated packages in core/updates_testing:
========================
emacs-28.2-10.2.mga9
emacs-common-28.2-10.2.mga9
emacs-doc-28.2-10.2.mga9
emacs-el-28.2-10.2.mga9
emacs-leim-28.2-10.2.mga9
emacs-nox-28.2-10.2.mga9

from SRPM:
emacs-28.2-10.2.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

katnatek 2024-06-24 19:43:16 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2024-06-24 20:01:15 CEST

RH mageia 9 x86_64

Install current emacs
Create in other editor a file with POC
Open the file with emacs
Confirmed the fail
Remove the produced ~/hacked.txt

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing emacs-28.2-10.2.mga9.x86_64.rpm emacs-common-28.2-10.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: emacs-common          ##################################################################################################
      2/2: emacs                 ##################################################################################################
      1/2: removing emacs-28.2-10.1.mga9.x86_64
                                 ##################################################################################################
      2/2: removing emacs-common-28.2-10.1.mga9.x86_64
                                 ##################################################################################################

Open again the POC file
Now the ~/hacked.txt is not created, and the application shows a warning about Disabling unsafe link abbrev

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-06-25 13:24:30 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2024-06-25 18:12:45 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0237.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED