ALAS2023-2024-584

Amazon Linux 2023 Security Advisory: ALAS2023-2024-584
Advisory Released Date: 2024-04-17
Advisory Updated Date: 2024-04-17
Severity: Important
Issue Overview:

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. (CVE-2024-30202)


Affected Packages:

emacs


Issue Correction:
Run dnf update emacs --releasever 2023.4.20240416 to update your system.

New Packages:
aarch64:
    emacs-devel-28.2-3.amzn2023.0.7.aarch64
    emacs-debuginfo-28.2-3.amzn2023.0.7.aarch64
    emacs-nox-debuginfo-28.2-3.amzn2023.0.7.aarch64
    emacs-common-debuginfo-28.2-3.amzn2023.0.7.aarch64
    emacs-debugsource-28.2-3.amzn2023.0.7.aarch64
    emacs-lucid-debuginfo-28.2-3.amzn2023.0.7.aarch64
    emacs-lucid-28.2-3.amzn2023.0.7.aarch64
    emacs-nox-28.2-3.amzn2023.0.7.aarch64
    emacs-28.2-3.amzn2023.0.7.aarch64
    emacs-common-28.2-3.amzn2023.0.7.aarch64

noarch:
    emacs-filesystem-28.2-3.amzn2023.0.7.noarch
    emacs-terminal-28.2-3.amzn2023.0.7.noarch

src:
    emacs-28.2-3.amzn2023.0.7.src

x86_64:
    emacs-common-debuginfo-28.2-3.amzn2023.0.7.x86_64
    emacs-lucid-debuginfo-28.2-3.amzn2023.0.7.x86_64
    emacs-devel-28.2-3.amzn2023.0.7.x86_64
    emacs-nox-debuginfo-28.2-3.amzn2023.0.7.x86_64
    emacs-debuginfo-28.2-3.amzn2023.0.7.x86_64
    emacs-debugsource-28.2-3.amzn2023.0.7.x86_64
    emacs-nox-28.2-3.amzn2023.0.7.x86_64
    emacs-lucid-28.2-3.amzn2023.0.7.x86_64
    emacs-28.2-3.amzn2023.0.7.x86_64
    emacs-common-28.2-3.amzn2023.0.7.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-30202

Mitre: CVE-2024-30202