MGASA-2018-0059

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0059.html

Import Source

https://advisories.mageia.org/MGASA-2018-0059.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0059

Related

CVE-2017-16667

Published

2018-01-04T16:48:42Z

Modified

2018-01-04T16:35:50Z

Summary

Updated backintime packages fix security vulnerability

Details

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands (CVE-2017-16667).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / backintime

Package

Name: backintime
Purl: pkg:rpm/mageia/backintime?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.24-1.mga6

Ecosystem specific

{
    "section": "core"
}