Описание
Security update for global
This update for global fixes the following issue:
- CVE-2017-17531: Argument-injection vulnerability allowed execution of arbitrary code via crafted URLs (boo#1073197)
Список пакетов
openSUSE Leap 42.2
global-6.5.1-6.1
openSUSE Leap 42.3
global-6.5.1-6.1
Ссылки
- E-Mail link for openSUSE-SU-2017:3442-1
- SUSE Security Ratings
Описание
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Затронутые продукты
openSUSE Leap 42.2:global-6.5.1-6.1
openSUSE Leap 42.3:global-6.5.1-6.1
Ссылки
- CVE-2017-17531
- SUSE Bug 1073197