SUSE-SU-2015:0271-1

Опубликовано: 24 янв. 2015

Источник: suse-cvrf

Описание

Security update for xdg-utils

This update of xdg-utils fixes a command injection security problem (CVE-2014-9622, bsc#913676) and a bug when opening files where multiple mime handlers existed (bsc#906625).

Список пакетов

SUSE Linux Enterprise Desktop 12

xdg-utils-20140630-5.1

SUSE Linux Enterprise Server 12

xdg-utils-20140630-5.1

SUSE Linux Enterprise Server for SAP Applications 12

xdg-utils-20140630-5.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150271-1/
Link for SUSE-SU-2015:0271-1
https://lists.suse.com/pipermail/sle-security-updates/2015-February/001219.html
E-Mail link for SUSE-SU-2015:0271-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/906625
SUSE Bug 906625
https://bugzilla.suse.com/913676
SUSE Bug 913676
https://www.suse.com/security/cve/CVE-2014-9622/
SUSE CVE CVE-2014-9622 page

Описание

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

Затронутые продукты

SUSE Linux Enterprise Desktop 12:xdg-utils-20140630-5.1

SUSE Linux Enterprise Server 12:xdg-utils-20140630-5.1

SUSE Linux Enterprise Server for SAP Applications 12:xdg-utils-20140630-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-9622.html
CVE-2014-9622
https://bugzilla.suse.com/913676
SUSE Bug 913676

SUSE-SU-2015:0271-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Server for SAP Applications 12

Ссылки

Уязвимость: CVE-2014-9622

Описание

Затронутые продукты

Ссылки