ALAS-2017-912

Amazon Linux 1 (EOL) Security Advisory: ALAS-2017-912
Advisory Released Date: 2017-10-12
Advisory Updated Date: 2017-10-13

Severity: Important

References: CVE-2017-14482
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Command injection flaw within "enriched mode" handling:
A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)

Affected Packages:

emacs

Issue Correction:
Run yum update emacs to update your system.

New Packages:

i686:
    emacs-common-24.3-20.22.amzn1.i686
    emacs-24.3-20.22.amzn1.i686
    emacs-debuginfo-24.3-20.22.amzn1.i686

noarch:
    emacs-el-24.3-20.22.amzn1.noarch

src:
    emacs-24.3-20.22.amzn1.src

x86_64:
    emacs-24.3-20.22.amzn1.x86_64
    emacs-common-24.3-20.22.amzn1.x86_64
    emacs-debuginfo-24.3-20.22.amzn1.x86_64

Additional References

Red Hat: CVE-2017-14482

Mitre: CVE-2017-14482