Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.7027.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7027-1)
Summary:	The remote host is missing an update for the 'emacs, emacs24, emacs25' package(s) announced via the USN-7027-1 advisory.
Description:	Summary: The remote host is missing an update for the 'emacs, emacs24, emacs25' package(s) announced via the USN-7027-1 advisory. Vulnerability Insight: It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-45939) Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-48337) Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-48338) Xi Lu discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-48339) It was discovered that Emacs incorrectly handled filename sanitization. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-28617) It was discovered that Emacs incorrectly handled certain crafted files. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-30203, CVE-2024-30204, CVE-2024-30205) It was discovered that Emacs incorrectly handled certain crafted files. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2024-39331) Affected Software/OS: 'emacs, emacs24, emacs25' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-45939 Debian Security Information: DSA-5314 (Google Search) https://www.debian.org/security/2023/dsa-5314 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/ https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html Common Vulnerability Exposure (CVE) ID: CVE-2022-48337 Debian Security Information: DSA-5360 (Google Search) https://www.debian.org/security/2023/dsa-5360 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK/ https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2022-48338 https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c Common Vulnerability Exposure (CVE) ID: CVE-2022-48339 https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c Common Vulnerability Exposure (CVE) ID: CVE-2023-28617 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A@qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e https://lists.debian.org/debian-lts-announce/2023/10/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2024-30203 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804 https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 https://lists.debian.org/debian-lts-announce/2024/04/msg00023.html https://lists.debian.org/debian-lts-announce/2024/04/msg00024.html http://www.openwall.com/lists/oss-security/2024/03/25/2 http://www.openwall.com/lists/oss-security/2024/04/08/3 http://www.openwall.com/lists/oss-security/2024/04/08/4 http://www.openwall.com/lists/oss-security/2024/04/08/6 http://www.openwall.com/lists/oss-security/2024/04/08/7 http://www.openwall.com/lists/oss-security/2024/04/10/3 http://www.openwall.com/lists/oss-security/2024/04/10/4 http://www.openwall.com/lists/oss-security/2024/04/10/6 http://www.openwall.com/lists/oss-security/2024/04/10/5 http://www.openwall.com/lists/oss-security/2024/04/11/4 http://www.openwall.com/lists/oss-security/2024/04/11/6 http://www.openwall.com/lists/oss-security/2024/04/11/5 Common Vulnerability Exposure (CVE) ID: CVE-2024-30204 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c Common Vulnerability Exposure (CVE) ID: CVE-2024-30205 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d Common Vulnerability Exposure (CVE) ID: CVE-2024-39331 https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=f4cc61636947b5c2f0afc67174dd369fe3277aa8 https://list.orgmode.org/87sex5gdqc.fsf@localhost/ https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html https://news.ycombinator.com/item?id=40768225 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://www.openwall.com/lists/oss-security/2024/06/23/2
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.