Lucene search
DebianDEBIAN:DLA-217-1:CAA5EHistoryMay 01, 2015 - 9:33 a.m.
[SECURITY] [DLA 217-1] xdg-utils security update
2015-05-0109:33:23
lists.debian.org
11
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
The two below CVE issues have recently been fixed in Debian squeeze-lts:
CVE-2014-9622
John Houwer discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user's preferred application, to execute arbitrary
commands remotely.
CVE-2015-1877
Jiri Horner discovered a way to cause xdg-open, a tool that automatically
opens URLs in a user's preferred application, to execute arbitrary
commands remotely.
This problem only affects /bin/sh implementations that don't sanitize
local variables. Dash, which is the default /bin/sh in Debian is
affected. Bash as /bin/sh is known to be unaffected.
–
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | xdg-utils | < 1.0.2+cvs20100307-2+deb6u1 | xdg-utils_1.0.2+cvs20100307-2+deb6u1_all.deb |
Related
osv
osv
xdg-utils - security update
2015-05-01 00:00:00
xdg-utils - security update
2015-01-18 00:00:00
securityvulns
securityvulns
xdg-open code execution
2015-03-08 00:00:00
[SECURITY] [DSA 3131-1] xdg-utils security update
2015-01-19 00:00:00
[SECURITY] [DSA 3165-1] xdg-utils security update
2015-03-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-217-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0271-1)
2021-04-19 00:00:00
Debian Security Advisory DSA 3165-1 (xdg-utils - security update)
2015-02-21 00:00:00
mageia
mageia
Updated xdg-utils packages fix CVE-2014-9622
2015-02-11 23:47:51
nessus
nessus
Debian DSA-3131-1 : xdg-utils - security update
2015-01-20 00:00:00
GLSA-201701-09 : Xdg-Utils: Command injection
2017-01-03 00:00:00
openSUSE Security Update : xdg-utils (openSUSE-SU-2015:0191-1)
2015-02-03 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 18:59:00
Design/Logic Flaw
2021-06-02 17:15:00
cve
cve
CVE-2014-9622
2015-01-21 18:59:00
CVE-2015-1877
2021-06-02 17:15:00
ubuntucve
ubuntucve
CVE-2014-9622
2015-01-21 00:00:00
CVE-2015-1877
2021-06-02 00:00:00
debiancve
debiancve
CVE-2014-9622
2015-01-21 18:59:00
CVE-2015-1877
2021-06-02 17:15:00
gentoo
gentoo
Xdg-Utils: Command injection
2017-01-01 00:00:00
debian
debian
[SECURITY] [DSA 3165-1] xdg-utils security update
2015-02-22 05:00:55
[SECURITY] [DSA 3165-1] xdg-utils security update
2015-02-22 05:00:31
[SECURITY] [DSA 3131-1] xdg-utils security update
2015-01-19 04:22:31
rosalinux
rosalinux
Advisory ROSA-SA-2021-2001
2021-07-02 18:21:18
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for DEBIAN:DLA-217-1:CAA5E