• [gentoo-announce] [ GLSA 202407-08 ] GNU Emacs, Org Mode: Multiple Vuln

    From glsamaker@gentoo.org@21:1/5 to All on Mon Jul 1 08:20:02 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202407-08
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: GNU Emacs, Org Mode: Multiple Vulnerabilities
    Date: July 01, 2024
    Bugs: #897950, #927820
    ID: 202407-08

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode,
    the worst of which could lead to arbitrary code execution.

    Background
    ==========

    GNU Emacs is a highly extensible and customizable text editor.

    Affected packages
    =================

    Package             Vulnerable      Unaffected
    ------------------  --------------  --------------
    app-editors/emacs   < 26.3-r16:26   >= 26.3-r16:26
                        < 27.2-r14:27   >= 27.2-r14:27
                        < 28.2-r10:28   >= 28.2-r10:28
                        < 29.2-r1:29    >= 29.2-r1:29
    app-emacs/org-mode  < 9.6.23        >= 9.6.23

    Description
    ===========

    Multiple vulnerabilities have been discovered in GNU Emacs. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All GNU Emacs users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/emacs-29.3-r2"

    All Org Mode users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emacs/org-mode-9.6.23"

    References
    ==========

    [ 1 ] CVE-2022-48337
    https://nvd.nist.gov/vuln/detail/CVE-2022-48337
    [ 2 ] CVE-2022-48338
    https://nvd.nist.gov/vuln/detail/CVE-2022-48338
    [ 3 ] CVE-2022-48339
    https://nvd.nist.gov/vuln/detail/CVE-2022-48339
    [ 4 ] CVE-2024-30202
    https://nvd.nist.gov/vuln/detail/CVE-2024-30202
    [ 5 ] CVE-2024-30203
    https://nvd.nist.gov/vuln/detail/CVE-2024-30203
    [ 6 ] CVE-2024-30204
    https://nvd.nist.gov/vuln/detail/CVE-2024-30204
    [ 7 ] CVE-2024-30205
    https://nvd.nist.gov/vuln/detail/CVE-2024-30205

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202407-08

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5

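
The "Affected packages" table above, applied as a slot-aware version check. This is an added example, not part of the advisory or of any Gentoo tool. The names `FIXED`, `parse_version`, `status`, `audit` and the sample inventory are assumptions made for illustration, and the parser handles only plain dotted versions with an optional `-rN` revision.

```python
import re

# First unaffected version per (package, slot), transcribed from the
# advisory's "Affected packages" table. Org Mode is keyed without a slot.
FIXED = {
    ("app-editors/emacs", "26"): "26.3-r16",
    ("app-editors/emacs", "27"): "27.2-r14",
    ("app-editors/emacs", "28"): "28.2-r10",
    ("app-editors/emacs", "29"): "29.2-r1",
    ("app-emacs/org-mode", None): "9.6.23",
}

# Assumption: only dotted numeric versions with an optional -rN revision,
# which covers every version in the table (no _p/_rc suffixes or letters).
_VERSION = re.compile(r"(\d+(?:\.\d+)*)(?:-r(\d+))?")

def parse_version(text):
    """Return ((major, minor, ...), revision) so tuples compare numerically."""
    match = _VERSION.fullmatch(text)
    if match is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    return tuple(int(p) for p in match.group(1).split(".")), int(match.group(2) or 0)

def status(package, version, slot=None):
    """Classify one installed package as the table would."""
    key = (package, slot if package == "app-editors/emacs" else None)
    fixed = FIXED.get(key)
    if fixed is None:
        return "not listed"  # slot or package the advisory does not cover
    return "vulnerable" if parse_version(version) < parse_version(fixed) else "unaffected"

def audit(installed):
    """Return the (package, version, slot) entries that still need upgrading."""
    return [entry for entry in installed if status(*entry) == "vulnerable"]

# Constructed sample inventory (package, version, slot); not real host data.
INSTALLED = [
    ("app-editors/emacs", "26.3-r15", "26"),
    ("app-editors/emacs", "28.2-r10", "28"),
    ("app-editors/emacs", "29.2", "29"),
    ("app-emacs/org-mode", "9.6.9", "0"),   # 9 < 23 numerically, not as text
    ("app-emacs/org-mode", "9.6.23", "0"),
]

if __name__ == "__main__":
    for package, version, slot in audit(INSTALLED):
        print(f"{package}-{version} (slot {slot}): vulnerable, upgrade required")
```

A plain string comparison would rank `9.6.9` above `9.6.23` and miss the vulnerable Org Mode install, which is why each component is compared as an integer.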