lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YD3rD-0002aQ-2Y@alpha.psidef.org>
Date: Sun, 18 Jan 2015 23:22:31 -0500
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3131-1] xdg-utils security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3131-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
January 18, 2015                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdg-utils
CVE ID         : CVE-2014-9622
Debian Bug     : 773085

John Houwer discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user's preferred application, to execute arbitrary
commands remotely.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.0~rc1+git20111210-6+deb7u2.

For the upcoming stable (jessie) and unstable (sid) distributions,
this problem has been fixed in version 1.1.0~rc1+git20111210-7.3.

We recommend that you upgrade your xdg-utils packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJUvIOpAAoJELjWss0C1vRzyfIgAL+XQ0ld3B3JXgdPJQQpfdaY
00JPoJhdpOEBxofEiAgkNd7EV2COkmRPO0ekvhxEKavxd9oxUWmNyK9bZ+LaVcDg
OQtAE57gSTF3qFbgOsuPkU0q6eMVPzH+kSxuXBV5962LNKTvdNnnWlri70aB5JLW
rMXdcGkOlh0ozDe5CNz3wZRZGUmbDyRbd29F+BtfAqH7fBtrCBUifwr00A24E6aS
+DIgCSMg5GUuAU3SfTh1xSE3+rfU2uxnTYC1ZdrnJrlBiMIqfitNaE2QOVw8RrAm
PA62BWnbkHJmTHmG0NfAlU5mv3QcaXG9QEny0Plh6QsL1myjkUngH+g/EfdGg845
LNU84A8U19YGfXdWD+dCol11c5mfAPk5NQdtapo9LuP3Hx05MDYVxXCfupbsEV1i
AMHplt7jhnjAsZhgb0RGzgIbi8OEk8rEL+hCiwzzHnmL1RjtHiByhOMFf7ZpbTNA
tF7/cDNchhVaxJ+iKId9JBB0X2FIRrJVfZST6LT3hoCV0nUwjeiTMQTz1Lshs/8Q
EoUfLpJJDemdnk2otXNPGDD4kzJMdpsZx+u77Pm7ZD45LaWuVoROUrk2j4MRwHzK
sI2B+8FA5GKiG1XWRmvTaqm9NZl/N8C2IVmvw1yPDVdSQ0cn90NeJdjcqFt9VV1e
RljXNebLmbE0eLXvhB2ZHPmEy/uedzr2isrLzvejU2NyJKE4qwmc4Xv1o9cxT85J
lh4KOPkOEIgTAsKvywG1bilv5cNLhliEN7CzcFO2AIDIYLz4Txy8WiOHHEIYxTWt
DlhdcXACQ/jpzt8dZh+yMUU33FjsO7fLSb7eaGe0FIx8juZG5gIr0OTg/6eZi+Eb
ruaOCGsKHV0uKBIvID22nDjJnvKsp0fDzKDTz9522ypNQI7k3Krv7I7nM46Y9oN8
n1gVKH0DflS/eZnMDgixUoBHg35pFPSz6FpSAcZRPFxCBU45+K2u0ZZ7Yq1BwEWc
c8c12hVnydyIdNmdqVNIXfcdal+fAZd3ZD9fS53UMQac+RnU5LnLHVaZuyMkITyw
IjJWolZj5JfENaEOEPOkspzm48cu/vp+u4yBnMMy7KyuXGI8y5rQGQIF1/7QJ/SJ
kWVE+qFiI2OPCMQlcyvEZqcaiBqXVrA8kAtH4P0fzz09M806+kb3dqzmxiEUweR7
YaRWSBLir9t6LXRAgAEw1v6oKxwMUWc5ES63QvHultdc4rhB2tFwwuvg0aYXVi3+
HEm7O44WhX5qQgqOUY0N2AJB30i7VNelwLK2Xt3wm/ychcHhkv+otLp17WvBVjA+
6LnJAClnPFm1CLJbpVMi9iebHkw9kJDsN2CZqVs6clSGVYYzIMfogg8969Qona8=
=TI29
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ