MGASA-2018-0289

Source
https://advisories.mageia.org/MGASA-2018-0289.html
Import Source
https://advisories.mageia.org/MGASA-2018-0289.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0289
Related
Published
2018-06-19T23:42:28Z
Modified
2018-06-19T23:06:04Z
Summary
Updated xdg-utils package fixes security vulnerability
Details

Updated xdg-utils package fixes security vulnerability:

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable (CVE-2017-18266).

References
Credits

Affected packages

Mageia:6 / xdg-utils

Package

Name
xdg-utils
Purl
pkg:rpm/mageia/xdg-utils?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.3-1.mga6

Ecosystem specific

{
    "section": "core"
}