[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1384-1] xdg-utils security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Package        : xdg-utils
Version        : 1.1.0~rc1+git20111210-6+deb7u4
CVE ID         : CVE-2017-18266
Debian Bug     : 898317


It was found that the open_envvar function in xdg-utils does not
validate strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0~rc1+git20111210-6+deb7u4.

We recommend that you upgrade your xdg-utils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlsH4SsACgkQhj1N8u2c
KO99mA/9FdvP2h0WoVXzn4KlBdvmPOhF8GF3UCi4Sh9VVGD+Qgv8721W5e+sjnqV
j9fMdfF2w+KR236UCQdTcUz3adnAjkOINu4zjvwGI8zLSeu6Yi6VoNgJ4usZke52
HGAE9bu8v9HuJLl8/lhal0ZfCIPU5sigSn6LELZBNHlAzqs7nzSbY9Ch19yxlMLz
XxpZWlNUzL6lpm7IUbxYqYDHkccH76ek4t+SlBwHSETTQEVIFRr7dMq8T4Xwl7z2
3KGyPxIfXrpi512HxdrK4epDojKLXD2/1oR9aFtSlZ4Ys2B1warjmcdf63KKcV4P
0IbY3Oq/DkG0R6eOfdJA2Yib05MBFJsjJr9kLOCFAv+3WgHZ0TzV2biQdFbeeLDi
uWEOOtszeYxdPmp6kG/1OfOS3A+YnvH/k3cV/pWF7gAYinM0dSKiELYcWAHj1tIK
f1yfgas8bccCTpmCNi1ssqs4PyklfDCHRlZeLmk+ZrWXG72MxHSDPSbcSqe+7+X8
tSueH8tdOam2tKCrmrR8LJwouOhHUthmGScFOKoMEHWqafn9IxI/6ml9KfvebUDK
iiQB6L0dyJVKLzzM+aO4EiQrh0rLiDRUzMlY4RrySpgfms3lgCEIv4M8d/bbGfeU
vqd7xFULZ+KJohGvctuwYbBv+2EJsISE7UbdkeIyQTIwFn3UiTY=
=73w9
-----END PGP SIGNATURE-----


Reply to: