drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in plexus-utils
Name: |
Ausführen beliebiger Kommandos in plexus-utils |
|
ID: |
DSA-4146-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Di, 20. März 2018, 22:57 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487 |
|
Applikationen: |
plexus-utils |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : plexus-utils CVE ID : CVE-2017-1000487
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands.
For the oldstable distribution (jessie), this problem has been fixed in version 1:1.5.15-4+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 1:1.5.15-4+deb9u1.
We recommend that you upgrade your plexus-utils packages.
For the detailed security status of plexus-utils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/plexus-utils
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqxbXMACgkQEMKTtsN8 TjY3OA//YUw9LS3G8+kKgvVsXXkkUn2a+Ilw8ZHj5ZA6yhmxGX09jqA5K0ofrb6F WbzZmLe86AuI8KbLct83VMZ3IRhUKqwNoBlEQ+D7hiRDOvc8ZyCZLyZpBz1ItVJw 2UFbmwgIhKrq1wSx9JftNSRU+DJcuvl5gaTLLsbeOpkBXSb38ZdCg9yMi1usDQlQ rSAXCxcTsmhe6n4AqKIO/nqPIf+Gj8lcApW51j3qU1cmOneqG/J+h4T8CHvQ4TlQ 00wJ7obrHRERz08VoB8OBKLAPd/Q3G/hFs4RYNbmIKw07F/qz6tkKENIWzQLfiGz VCOzs8kWf87urz/SsEu+ByKzc34QIStZ32DBVhM37bIYxmZxukNDU4f6AkU3gceV lVnocAwIBnZNRtkFqi7YAQb/oITGAHbJw7aaqVysEf6+68aYOoK1OZQXzJaUkMKK FNf7dpEKBsN3pdkgE4Hv3bzBTsTs4gXCemlKOQ1O5Ao/OBwxtX5YlyK+RGldACoj x+CfF0QpQq1xsrEgo0xLQClcu9br+osLyzi8ZgvQdynMzMdtYUABbRZVE7natLSU vGP3u5ZfYDIXEf59dqoi+BIXAlMCz4fAMGOFTmEeFxfTdYfyTtf6+9EKxXCG5wpW 2vk9QYnbXqcBufZMbHGKr5dsZNGEtcDqZg9GEb4iE9RsE7ZV29s= =RUIF -----END PGP SIGNATURE-----
|
|
|
|