RDFLib could be made to made to execute arbitrary code if it were running
in a directory with a specially crafted file.
Software Description:
- rdflib: Pure Python package for working with RDF
Details:
Gabriel Corona discovered that RDFLib did not properly load modules on the
command-line. An attacker could possibly use this issue to cause RDFLib to
execute arbitrary code. (CVE-2019-7653)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: python-rdflib 4.1.2-3+deb8u1build0.16.04.1 python-rdflib-tools 4.1.2-3+deb8u1build0.16.04.1 python3-rdflib 4.1.2-3+deb8u1build0.16.04.1 After a standard system update you need to restart any applications that make use of RDFLib to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4535-1
CVE-2019-7653
Get the latest Linux and open source security news straight to your inbox.