OSG-SEC-2023-04-26_2 MEDIUM GNU Emacs Org Mode arbitrary command injection
Dear OSG Security Contacts,
A vulnerability was identified in org-babel-execute:latex in ob-latex.el in Org Mode  through 9.6.1 for GNU Emacs.  It's unclear how widely this impacts OSG users, but all users of the GNU Emacs editor should install available updates for their OS as a precaution.
Org Mode versions 9.6.1 and prior.
WHAT ARE THE VULNERABILITIES:
The vulnerability allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.
WHAT YOU SHOULD DO:
RHEL 8 & 9 based distributions Update the Emacs packages on your systems. 
RHEL 7 based distributions aren't impacted.
For Ubuntu see 
For other Debian distributions see 
Please contact the OSG security team at [email protected] if you have any questions or concerns. OSG Security Team