Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Debian 7 Wheezy DLA-1384-1 Critical: xdg-utils Remote Attack

debian lts
Calendar Grey May 25, 2018
Dist Debian Esm H88
Upgrade xdg-utils to fix argument injection issues with remote attackers via crafted URLs.
It was found that the open_envvar function in xdg-utils does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remo...

Summary

It was found that the open_envvar function in xdg-utils does not
validate strings before launching the program specified by the BROWSER
environment variable, which might allow remote attackers to conduct
argument-injection attacks via a crafted URL.

For Debian 7 "Wheezy", these problems have been fixed in version
1.1.0~rc1+git20111210-6+deb7u4.

We recommend that you upgrade your xdg-utils packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: xdg-utils
Version: 1.1.0~rc1+git20111210-6+deb7u4
CVE ID: CVE-2017-18266
Debian Bug: 898317

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.