Bug 33326 - emacs new security issue: arbitrary shell command evaluation
Summary: emacs new security issue: arbitrary shell command evaluation
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-06-24 10:36 CEST by Nicolas Salguero
Modified: 2024-06-25 18:12 CEST (History)
2 users (show)

See Also:
Source RPM: emacs-28.2-10.1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Nicolas Salguero 2024-06-24 10:36:59 CEST

Assignee: bugsquad => nicolas.salguero
Source RPM: (none) => emacs-28.2-10.1.mga9.src.rpm

Comment 1 Nicolas Salguero 2024-06-24 11:28:52 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Arbitrary shell command evaluation.

References:
https://www.openwall.com/lists/oss-security/2024/06/23/1
https://www.openwall.com/lists/oss-security/2024/06/23/2
========================

Updated packages in core/updates_testing:
========================
emacs-28.2-10.2.mga9
emacs-common-28.2-10.2.mga9
emacs-doc-28.2-10.2.mga9
emacs-el-28.2-10.2.mga9
emacs-leim-28.2-10.2.mga9
emacs-nox-28.2-10.2.mga9

from SRPM:
emacs-28.2-10.2.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

katnatek 2024-06-24 19:43:16 CEST

Keywords: (none) => advisory

Comment 2 katnatek 2024-06-24 20:01:15 CEST 
RH mageia 9 x86_64

Install current emacs
Create in other editor a file with POC
Open the file with emacs
Confirmed the fail
Remove the produced ~/hacked.txt

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing emacs-28.2-10.2.mga9.x86_64.rpm emacs-common-28.2-10.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: emacs-common          ##################################################################################################
      2/2: emacs                 ##################################################################################################
      1/2: removing emacs-28.2-10.1.mga9.x86_64
                                 ##################################################################################################
      2/2: removing emacs-common-28.2-10.1.mga9.x86_64
                                 ##################################################################################################

Open again the POC file
Now the ~/hacked.txt is not created, and the application shows a warning about Disabling unsafe link abbrev

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 3 Thomas Andrews 2024-06-25 13:24:30 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2024-06-25 18:12:45 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0237.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.