Fedora 24: Security Advisory for Picocom 2.2 Command Injection Risk

As its name suggests, [picocom] is a minimal dumb-terminal emulation

program. It is, in principle, very much like minicom, only it's "pico"

instead of "mini"! It was designed to serve as a simple, manual, modem

configuration, testing, and debugging tool. It has also served (quite

well) as a low-tech "terminal-window" to allow operator intervention

in PPP connection scripts (something like the ms-windows "open

terminal window before / after dialing" feature). It could also prove

useful in many other similar tasks. It is ideal for embedded systems

since its memory footprint is minimal (less than 20K, when

stripped).

Upgrade to 2.2, fixing CVE-2015-9059

[ 1 ] Bug #1456399 - CVE-2015-9059 picocom: Command injection in the "send and receive file" command [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1456399

su -c 'dnf upgrade picocom' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org