MGASA-2018-0412 - Updated lilypond packages fix security vulnerability Publication date: 26 Oct 2018 URL: https://advisories.mageia.org/MGASA-2018-0412.html Type: security Affected Mageia releases: 6 CVE: CVE-2017-17523 lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks (CVE-2017-17523). References: - https://bugs.mageia.org/show_bug.cgi?id=23146 - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17523 SRPMS: - 6/core/lilypond-2.19.82-1.mga6
Mageia 2018-0412: lilypond security update
lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks (...
Summary
lilypond does not validate strings before launching the program specified
by the BROWSER environment variable, which allows remote attackers to
conduct argument-injection attacks (CVE-2017-17523).
References
- https://bugs.mageia.org/show_bug.cgi?id=23146
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17523
Resolution
MGASA-2018-0412 - Updated lilypond packages fix security vulnerability
SRPMS
- 6/core/lilypond-2.19.82-1.mga6
Severity
Publication date: 26 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0412.html
Type: security
CVE: CVE-2017-17523
News
HOWTOs
Features
About Us
Powered By
