Security update for emacs SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2535-1 Final 1 1 2017-09-20T19:54:20Z current 2017-09-20T19:54:20Z 2017-09-20T19:54:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for emacs This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00077.html E-Mail link for openSUSE-SU-2017:2535-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 emacs-24.3-28.1 emacs-el-24.3-28.1 emacs-info-24.3-28.1 emacs-nox-24.3-28.1 emacs-x11-24.3-28.1 etags-24.3-28.1 emacs-24.3-28.1 as a component of openSUSE Leap 42.2 emacs-el-24.3-28.1 as a component of openSUSE Leap 42.2 emacs-info-24.3-28.1 as a component of openSUSE Leap 42.2 emacs-nox-24.3-28.1 as a component of openSUSE Leap 42.2 emacs-x11-24.3-28.1 as a component of openSUSE Leap 42.2 etags-24.3-28.1 as a component of openSUSE Leap 42.2 emacs-24.3-28.1 as a component of openSUSE Leap 42.3 emacs-el-24.3-28.1 as a component of openSUSE Leap 42.3 emacs-info-24.3-28.1 as a component of openSUSE Leap 42.3 emacs-nox-24.3-28.1 as a component of openSUSE Leap 42.3 emacs-x11-24.3-28.1 as a component of openSUSE Leap 42.3 etags-24.3-28.1 as a component of openSUSE Leap 42.3 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). CVE-2017-14482 openSUSE Leap 42.2:emacs-24.3-28.1 openSUSE Leap 42.2:emacs-el-24.3-28.1 openSUSE Leap 42.2:emacs-info-24.3-28.1 openSUSE Leap 42.2:emacs-nox-24.3-28.1 openSUSE Leap 42.2:emacs-x11-24.3-28.1 openSUSE Leap 42.2:etags-24.3-28.1 openSUSE Leap 42.3:emacs-24.3-28.1 openSUSE Leap 42.3:emacs-el-24.3-28.1 openSUSE Leap 42.3:emacs-info-24.3-28.1 openSUSE Leap 42.3:emacs-nox-24.3-28.1 openSUSE Leap 42.3:emacs-x11-24.3-28.1 openSUSE Leap 42.3:etags-24.3-28.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00077.html https://www.suse.com/security/cve/CVE-2017-14482.html CVE-2017-14482 https://bugzilla.suse.com/1058425 SUSE Bug 1058425