MGASA-2021-0141

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0141.html

Import Source

https://advisories.mageia.org/MGASA-2021-0141.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0141

Related

CVE-2019-14868

Published

2021-03-17T11:01:53Z

Modified

2021-03-17T10:09:09Z

Summary

Updated ksh packages fix security vulnerability

Details

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely (CVE-2019-14868).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ksh

Package

Name: ksh
Purl: pkg:rpm/mageia/ksh?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2020.0.0.81.git8052490-0.1.1.mga7

Ecosystem specific

{
    "section": "core"
}