Sicherheit: Mangelnde Eingabeprüfung in Xdg-utils
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in Xdg-utils
ID: FEDORA-2018-b753813bf0
Distribution: Fedora
Plattformen: Fedora 27
Datum: Do, 17. Mai 2018, 17:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18266
Applikationen: Xdg-utils


Fedora Update Notification
2018-05-17 13:22:46.744070

Name : xdg-utils
Product : Fedora 27
Version : 1.1.3
Release : 1.fc27
URL : http://portland.freedesktop.org/
Summary : Basic desktop integration functions
Description :
The xdg-utils package is a set of simple scripts that provide basic
desktop integration functions for any Free Desktop, such as Linux.
They are intended to provide a set of defacto standards.
This means that:
* Third party software developers can rely on these xdg-utils
for all of their simple integration needs.
* Developers of desktop environments can make sure that their
environments are well supported
* Distribution vendors can provide custom versions of these utilities

The following scripts are provided at this time:
* xdg-desktop-icon Install icons to the desktop
* xdg-desktop-menu Install desktop menu items
* xdg-email Send mail using the user's preferred e-mail
* xdg-icon-resource Install icon resources
* xdg-mime Query information about file type handling and
install descriptions for new file types
* xdg-open Open a file or URL in the user's preferred
* xdg-screensaver Control the screensaver
* xdg-settings Get various settings from the desktop environment

Update Information:

New upstream bugfix release, includes security fix for CVE-2017-18266

* Thu May 10 2018 Rex Dieter <rdieter@fedoraproject.org> - 1.1.3-1
- xdg-utils-1.1.3
* Tue Feb 27 2018 Rex Dieter <rdieter@fedoraproject.org> - 1.1.2-4
- pull in upstream fixes
* Fri Feb 9 2018 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1578767 - CVE-2017-18266 xdg-utils: Argument injection
vulnerability in open_envvar() function

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-b753813bf0' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCB3GFSDDS6G3TILCCJCY3TVMV473DLU/
Pro-Linux @Twitter
Neue Nachrichten