drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in Xdg-utils
Name: |
Mangelnde Eingabeprüfung in Xdg-utils |
|
ID: |
DSA-4211-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Sa, 26. Mai 2018, 09:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18266 |
|
Applikationen: |
Xdg-utils |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4211-1 security@debian.org https://www.debian.org/security/ Luciano Bello May 25, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : xdg-utils CVE ID : CVE-2017-18266 Debian Bug : 898317
Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party could manipulate the parameters used by the browser when opened. This manipulation could set, for example, a proxy to which the network traffic could be intercepted for that particular execution.
For the oldstable distribution (jessie), this problem has been fixed in version 1.1.0~rc1+git20111210-7.4+deb8u1.
For the stable distribution (stretch), this problem has been fixed in version 1.1.1-1+deb9u1.
We recommend that you upgrade your xdg-utils packages.
For the detailed security status of xdg-utils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xdg-utils
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlsIeHIACgkQbsLe9o/+ N3QWGw/8CwtaHUg4RLm1vZ+6/gQatNNTE7Hzq1v5p9Y2A3MRGF7aklTHlyg9Pa1s fO2JYyeInMNwFVohL0CHr1iPbs/NSuFCEvBMONXrFChlKpOfp/UBv2xc/mqM1bXl +9RAfZ30ZcrNs0mKJwzOm927ec+TZZLukLJPXvVqcANmy4GOPpraZWMz037xawEG wEq9MdFhqLbBwXrqBIutP11/8BUUZVPlZj/dTeqp3lqlvnOx5iD5MSGxiU7vag7c MeuDen5hyjFX/NgoXkSURcnFiOjc6zlWS6bxR5cs0nW9PdwKHJk8XP+g8uVrDIVd CNgQlJU+liVQG1ZuM2OhLf0nkTC33QChRieZ3lYrPdnGi3U4Jc5D27HrgxKk6Mx0 g9QLF37DEZPtsp2QsRBA3IuAievwmgbpud2l65SosXnh08cImyhnkzSue/efMns5 zDZcx6xAOusz1KEFh5wSOnYgYFrtH6r8BliDFQX1q5xhLZCvndnoiDrZ94Ptgx8Q WP9h9SqfSLtDOKUj2c1WoJA0m1MXzXh+/lDGGAPpRNqTo/+7KeU3/yu2D1ZalAcC 1upPysxYQlCo5JY7dfdNxu9wbzbOWeUY/v6mTBPxALOrEKZpDuPhxawtFSD0MOS0 LQNRnH5bh9ubJAMXumeIkIamtWoXQjDJuKapds7eG3aYUtI2Pf8= =0fNN -----END PGP SIGNATURE-----
|
|
|
|