drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Xdg-utils
Name: |
Ausführen beliebiger Kommandos in Xdg-utils |
|
ID: |
DSA-3165-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian wheezy |
|
Datum: |
So, 22. Februar 2015, 10:47 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1877 |
|
Applikationen: |
Xdg-utils |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3165-1 security@debian.org http://www.debian.org/security/ Michael Gilbert February 21, 2015 http://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xdg-utils CVE ID : CVE-2015-1877 Debian Bug : 777722
Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
This problem only affects /bin/sh implementations that don't sanitize local variables. Dash, which is the default /bin/sh in Debian is affected. Bash as /bin/sh is known to be unaffected.
For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u3.
For the upcoming stable (jessie) and unstable (sid) distributions, this problem will be fixed soon.
We recommend that you upgrade your xdg-utils packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQQcBAEBCgAGBQJU6WG2AAoJELjWss0C1vRzmEof/3yl6xrjW+HidxZWt1gFfxE5 f7h5IvNqT3CYkR2oTUruUH8CuKqGgGDOdF3Xg62gid2C0KnK5Y67ZLKPYrxTM1EY yP5XZvBwHWO05SMx9qpyk0qCknTESXKVongIA5QVAJxfKfStnGa6igHJzNdremp+ qpm/0IpAu50RF7jWJ1RI3EFAYT0xWwFlBqhEGVEZXEE+4BSR87NL66UG5qaXuiT6 K1Tuj7s1mEPuXrL/Kg8wpFV8e6RUuHSQgeWZ3lTLB13AnMeZnOMRDG/rf8/iruhX GXl50mzReTeVzexd6CerG7lZkORWHIhPvRl4H/4UcuH5QIUrWEM/ipDgYlzvw/W/ c2gesywaO/F8b8TKy9sC/3VHQNXaFr9ar/lShkHU6z1XyqerHbFQWWZb9yc0zSwB TPOzI4YMylklkorrOm9HeFbSIrB+pfOI9ivQSapQqucrkejXy0R47bwy2FJY8QZj 4D2MkAwjhlDiRWGVyvqRges/s8+zBUzMIhlfNq54xI7ZaPlUAPEQ3fInLFZJ5v2a RDFtqvpzdi3GL3vR/ntdiu3zl+gK2OOfgHVe5CWdZIqTcGNmUa4W8Gy6KoTOJGRq UMrvp7qKI0lTF9tyQbpDi9Dq8h74foxnfrdEpcasNVLlup5SAKRgtiUnmku4I5Ts Hp81UqYWWdWjoD97U1pcy+3xgQeariDMMN5WDDYKzT5FTTcvSHEmeRtb3p88fqM/ kDiUD+Muda7j6nfWHVgsO5p9lhi8WrWpry0WAaZ7w64HXhgb8WM0/aWcn8onY+R/ jcSkKyKFEk+b71nYrgS4JWhzNATCu6kgPH0kLNvJiHZkA9rVHWxsqZfthCBrysEm aCftGyqEkGJFWVcFwxXkCb6NwN9tIE/rJj7iIi2Wp1cVSQGJA24Zyr8n8EprCnYm kMGEw33+iYo3xdTTie0XWR3yMop7R/yw/FXGGjkkptBnMS4EHizZsvTtyQskO15V q9qI4rfMAmV4AOY4U8eJoARZ++haeAbQ+JArjwtxnQUY3ZuYDIDiUFv1LHVKGM+c UXdRgiLMhz00ejTLLAD5x8MZ08MFED7E9km3zHuzKmd1QS1V0OSZc8jEquDd1IRd ivc0DIRGae55zzgqwkZV6znFIY81cmd5sFAMrtQBy4pmhp6WWFHh1W8JETc+l/t+ HcIA1FMMhUC/peWUyJkkA0o+TpDpbfnfSwOJoQAxeXgslU2XyOU8r/mc3ze2/GSu Z/zbVLr62agmh0Y44hdTHFGBlZcYPDHJiKjqcBvQSjTk5BvN0FcQ7m3HTz0lYHpb dnbBCteP/c4srJwjTwCuPVTlz2WI9mzg1NNTvVWaB/ivLSPiGky/lqKt058N0Gk= =eXk5 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/E1YPOed-0007aq-NY@alpha.psidef.org
|
|
|
|