MGASA-2021-0306 - Updated thunar packages fix a security vulnerability Publication date: 30 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0306.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-32563 An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution (CVE-2021-32563). References: - https://bugs.mageia.org/show_bug.cgi?id=28904 - https://www.openwall.com/lists/oss-security/2021/05/09/2 - https://www.openwall.com/lists/oss-security/2021/05/11/3 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32563 SRPMS: - 8/core/thunar-4.16.8-1.mga8
Mageia 2021-0306: thunar security update
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2
Summary
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2.
When called with a regular file as a command-line argument, it delegates to
a different program (based on the file type) without user confirmation.
This could be used to achieve code execution (CVE-2021-32563).
References
- https://bugs.mageia.org/show_bug.cgi?id=28904
- https://www.openwall.com/lists/oss-security/2021/05/09/2
- https://www.openwall.com/lists/oss-security/2021/05/11/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32563
Resolution
MGASA-2021-0306 - Updated thunar packages fix a security vulnerability
SRPMS
- 8/core/thunar-4.16.8-1.mga8
Severity
Publication date: 30 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0306.html
Type: security
CVE: CVE-2021-32563
News
HOWTOs
About Us
Powered By
