Mageia 9 MGASA-2023-0325 moderate: lilypond code execution threat

mageia

November 27, 2023

Updated lilypond packages fix a security vulnerability: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, ...

Summary

Updated lilypond packages fix a security vulnerability:
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.

References

- https://bugs.mageia.org/show_bug.cgi?id=31889

- https://www.cve.org/CVERecord?id=CVE-2020-17354

Topics Covered

security advisory code execution vulnerability arbitrary execution Mageia lilypond

Resolution

SRPMS

- 9/core/lilypond-2.24.2-2.mga9

Publication date: 27 Nov 2023

URL: https://advisories.mageia.org/MGASA-2023-0325.html

Type: security

CVE: CVE-2020-17354

Topics Covered

security advisory code execution vulnerability arbitrary execution Mageia lilypond

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9 MGASA-2023-0325 moderate: lilypond code execution threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9 MGASA-2023-0325 moderate: lilypond code execution threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!