drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Pygments
Name: |
Ausführen beliebiger Kommandos in Pygments |
|
ID: |
DSA-3445-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie, Debian stretch |
|
Datum: |
Do, 14. Januar 2016, 07:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8557 |
|
Applikationen: |
Pygments |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3445-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pygments CVE ID : CVE-2015-8557 Debian Bug : 802828
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name.
For the oldstable distribution (wheezy), this problem has been fixed in version 1.5+dfsg-1+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 2.0.1+dfsg-1.1+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 2.0.1+dfsg-2.
For the unstable distribution (sid), this problem has been fixed in version 2.0.1+dfsg-2.
We recommend that you upgrade your pygments packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJWlspWAAoJEAVMuPMTQ89EXQ8P/A+1hk6GVwctyMkYk2RtctVV In2tcwA0DvobNr9NIYXdKICaZ5O2Cn30UItVprq/2s8TIKMimKaqZzf0UdWd+0yM aclsQi9vKKELC/i37YhE7SA3HIPurrQY45HlqbLlMl2OdawuYeoB99S11HK6G5Ym 0f28wubG9idzqWPihhYZCJYIxxEW1YUwgyPhw0VBvSzZE4VOKPstWrmNV2SA7fBP nigSxLvYfphP0vjObrtsSBotqbu7QkpCnSCV3qQbXn2MOaaqcXWwXvaYHxU9zyc+ NESVUD+p80uD3ZfSxWkjjujpT4TVcJ6ayjGVeQHOBE+/VAEZT8Ktsz4W5F8bwAOZ 87TKDrMN9LS7FDBBl3+LNdp9fhIAOvVZl60SnRIoR5Cb81szzxd+UBI5dcaDlrIu nQGEfJLfhnu3bK4J9JQsaEDYpBgvldE9AAktgeWWb5ry3+FVaH9rgzFDk1ZWHGTN 6OXlBDHMxt5URlVLO1vyarUtVqO4hyOGJwXpQHVj+wnWPbmXkLitufvhVb3P0B+3 9LOoaAR32i3MxkT5B5z8bRIyfPqbLz1nP7kFDb6jwJe026nkNOmm5+Gu4XITqtrp 1UUyFh7CeuYpMkCE1MCb9PW/HqFJPl9AMmuX6LclI1rrS18FTd8dITvJF80Twkjq Q99idgKlc5VF4NPjwaj/ =mGYo -----END PGP SIGNATURE-----
|
|
|
|