SUSE-SU-2018:1497-1

Опубликовано: 04 июн. 2018

Источник: suse-cvrf

Описание

Security update for xdg-utils

This update for xdg-utils fixes the following issues:

Security issue:

CVE-2017-18266: Fix an argument injection when BROWSER contains %s (bsc#1093086).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

xdg-utils-20140630-6.3.1

SUSE Linux Enterprise Server 12 SP3

xdg-utils-20140630-6.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

xdg-utils-20140630-6.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181497-1/
Link for SUSE-SU-2018:1497-1
https://lists.suse.com/pipermail/sle-security-updates/2018-June/004111.html
E-Mail link for SUSE-SU-2018:1497-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1093086
SUSE Bug 1093086
https://www.suse.com/security/cve/CVE-2017-18266/
SUSE CVE CVE-2017-18266 page

Описание

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:xdg-utils-20140630-6.3.1

SUSE Linux Enterprise Server 12 SP3:xdg-utils-20140630-6.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3:xdg-utils-20140630-6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-18266.html
CVE-2017-18266
https://bugzilla.suse.com/1093086
SUSE Bug 1093086

SUSE-SU-2018:1497-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP3

Ссылки

Уязвимость: CVE-2017-18266

Описание

Затронутые продукты

Ссылки